Smart-contract_vulnerabilities

Smart contract vulnerabilities refer to weaknesses or flaws in the design, implementation, or execution of smart contracts that can be exploited by attackers. These vulnerabilities can lead to unintended consequences, financial losses, or security breaches within the blockchain ecosystem

• Insufficient Gas Griefing
• Reentrancy
• Integer Overflow and Underflow
• Timestamp Dependence
• Authorization Through tx.origin
• Floating Pragma
• Outdated Compiler Version
• Unsafe Low-Level Call
• Uninitialized Storage Pointer
• Assert Violation
• Use of Deprecated Functions
• Delegatecall to Untrusted Callee
• Signature Malleability
• Incorrect Constructor Name
• Shadowing State Variables
• Weak Sources of Randomness from Chain Attributes
• Missing Protection against Signature Replay Attacks
• Requirement Validation
• Write to Arbitrary Storage Location
• Incorrect Inheritance Order
• Presence of Unused Variables
• Unencrypted Private Data On-Chain
• Inadherence to Standards
• Asserting Contract from Code Size
• Transaction-Ordering Dependence
• DoS with Block Gas Limit
• DoS with (Unexpected) revert
• Unexpected ecrecover null address
• Default Visibility
• Insufficient Access Control
• Off-By-One
• Lack of Precision

Further Reading

• https://github.com/ethereum/wiki/wiki/Safety
• https://swcregistry.io/
• https://eprint.iacr.org/2016/1007.pdf
• https://www.dasp.co/
• https://consensys.github.io/smart-contract-best-practices/
• https://github.com/sigp/solidity-security-blog
• https://solidity.readthedocs.io/en/latest/bugs.html

Contributions

Submit a PR!