Skip to content

List of Security Vulnerabilities

Jump to bottom
Denis Bogdanas edited this page Jan 23, 2019 · 12 revisions

Introduction

This page contains a comprehensive list of common smart contract security vulnerabilities, compiled from various sources. We use it as our reference list for security audits. In this page we only include basic information. Please click the links in sub-titles to see more details for each attack.

The list

1. Re-Entrancy

happens when a contract A calls a malicious external contract B as part of its operation, which recursively calls A again. Consequently, a transaction that would normally be allowed to run only once, can be executed multiple times. To prevent this sort of attack, contract A must modify its internal state before calling B, in such a way as to detect and prevent re-entrancy.

2. Arithmetic Over/Under Flows

3. Unexpected Ether

4. Delegatecall

5. Default Visibilities

6. Entropy Illusion

7. External Contract Referencing

8. Short Address/Parameter Attack

9. Unchecked CALL Return Values

10. Race Conditions / Front Running

11. Denial Of Service (DOS)

12. Block Timestamp Manipulation

13. Constructors with Care

14. Unintialised Storage Pointers

15. Floating Points and Numerical Precision

16. tx.origin Authentication

17. Constantinople gas issue

Clone this wiki locally