• Stars: 405
• Rank: 106,656 (Top 3 %)
• Created about 2 years ago
• Updated 10 months ago

Repository Details

This repository contains a list of common Solidity smart contract attack vectors. If you find any attack vectors missing, you can create a pull request and become a contributor to the project.

Solidity Smart Contract Attack Vectors:

This repository contains a list of Solidity attack vectors. It includes most Solidity vulnerabilities, collected from various sources such as the SWC Registry, DeFi threat, DASP Top-10 and content from across the Internet. You can click each attack vector to find details about it. This repository will be actively maintained and updated by QuillAudits.

If you find any attack vectors missing, you can create a pull request and become a contributor to the project.

PDF Version: Solidity_Vectors_QuillAudits.pdf


Serial No. Attack Vectors
1 Access Control Checks on Critical Function
2 Account Existence Check for low level calls
3 Arithmetic Over/Under Flows
4 Assert Violation
5 Authorization through tx.origin
6 Bad Source of Randomness
7 Block Timestamp manipulation
8 Bypass Contract Size Check
9 Code With No Effects
10 Delegatecall
11 Delegatecall to Untrusted Callee
12 DoS with (Unexpected) revert
13 DoS with Block Gas Limit
14 Logical Issues
15 Entropy Illusion
16 Function Selector Abuse
17 Floating Point and Numerical Precision
18 Floating Pragma
19 Forcibly Sending Ether to a Contract
20 Function Default Visibility
21 Hash Collisions With Multiple Variable Length Arguments
22 Improper Array Deletion
23 Incorrect interface
24 Insufficient gas griefing
25 Unsafe Ownership Transfer
26 Loop through long arrays
27 Message call with hardcoded gas amount
28 Outdated Compiler Version
29 Precision Loss in Calculations
30 Price Manipulation
31 Hiding Malicious Code with External Contract
32 Public burn() function
33 Race Conditions / Front Running
34 Re-entrancy
35 Requirement Violation
36 Right-To-Left-Override control character (U+202E)
37 Shadowing State Variables
38 Short Address/Parameter Attack
39 Signature Malleability
40 Signature Replay Attacks
41 State Variable Default Visibility
42 Transaction Order Dependence
43 Typographical Error
44 Unchecked Call Return Value
45 Unencrypted Private Data On-Chain
46 Unexpected Ether balance
47 Uninitialized Storage Pointer
48 Unprotected Ether Withdrawal
49 Unprotected SELFDESTRUCT Instruction
50 Unprotected Upgrades
51 Unused Variable
52 Use of Deprecated Solidity Functions
53 Write to Arbitrary Storage Location
54 Wrong inheritance

References:

SWC Registry

DeFi-Threat

Runtimeverification - List-of-Security-Vulnerabilties

DASP-Top 10

More Repositories

1. QuillAudit_Auditor_Roadmap (472 stars): This repository contains a mindmap and stepwise resources to get started with smart contract auditing. If you find anything missing or want to update existing resources, feel free to create a pull request.
2. Web3-Security-Tools (381 stars): This repository contains a list of the most popular and widely used tools in web3 security. If you find any tools missing, you can create a pull request and become a contributor to the project.
3. QuillAudit_Reports (335 stars): QuillAudits smart contract, DeFi, NFT, token, DAO, DEX and DApp audit reports.
4. NFT-Attack-Vectors (256 stars): This repository contains a list of common NFT attack vectors. If you find any attack vectors missing, you can create a pull request and become a contributor to the project.
5. DeFi-Attack-Vectors (212 stars): This repository contains a list of common DeFi threats and attack vectors. If you find any attack vectors missing, you can create a pull request and become a contributor to the project.
6. Zero-Knowledge-Mastery (203 stars): This repository contains a list of resources to aid your journey of mastering zero-knowledge proofs. If you find any resource missing, you can create a pull request and become a contributor to the project.
7. EVM-Mastery (201 stars): This repository contains a list of resources to aid your journey of mastering the Ethereum Virtual Machine. If you find any resource missing, you can create a pull request and become a contributor to the project.
8. Smart-contract-Auditing-Methodology-mindmap (179 stars): This repository contains a mindmap on smart contract auditing methodology and the different steps in how to audit a smart contract.
9. Smart-Contract-Developer-Roadmap (70 stars): Here is the best roadmap for you to become a Smart Contract Developer! If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.
10. Quill-CTFs (Solidity, 56 stars): Quill CTF is a game in which you hack Ethereum smart contracts to learn about security. The game is designed to educate players on how to identify and fix security issues in Ethereum smart contracts.
11. Real-World-Assets (Solidity, 34 stars): This repository comprises the theoretical and technical aspects of tokenisation of real-world assets.
12. DeFi-anti-hack-checklist (31 stars): This repo contains anti-hack checklists, which will help projects to build and develop secure DeFi applications. If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.
13. upradeableToken (JavaScript, 22 stars): Smart contract upgrades, delegateProxy.
14. dNFTs (21 stars): Distributed ownership of NFT assets on EOS.
15. Blockchain-Attack-vectors (20 stars): This repository contains a list of common blockchain threats and attack vectors. If you find any attack vectors missing, you can create a pull request and become a contributor to the project.
16. NFT-anti-hack-checklist (16 stars): In this repository, we have created a checklist for developers as well as for users to prevent these hacks/scams and stay safe from these hackers/scammers. If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.
17. BEP20Token (Solidity, 12 stars): Binance Chain BEP-20 token.
18. Proxies-Security (6 stars): This repository comprises everything you need to know about Solidity proxies, upgradeable smart contracts and their security.
19. ConsensysIndiaHack (CSS, 5 stars): Credit scores on blockchain.
20. Crowdsale_EOS (C++, 3 stars): Basic crowdsale smart contract in EOS.
21. MetaTransactiosn_UniversalLogins_Proxy (3 stars): Better blockchain UX, onboarding registry (meta transactions, universal logins).
22. hyperledger-composer-supplychain (2 stars): Hyperledger Fabric supply chain.
23. Quill.Capital (JavaScript, 2 stars): Security tokens issuance platform.
24. forwards-checks (Kotlin, 2 stars): Forwards contracts trading on R3 Corda.
25. infiniverse-community-audit (Python, 1 star): A community audit for the Infiniverse EOS smart contracts.
26. EOS-Crowdsale (C++, 1 star): A decentralized crowdsale smart contract built on EOS.
27. stellar-hyperledger-telemedicine (TypeScript, 1 star): Electronic health records on blockchain (Hyperledger, Stellar).
28. MultiInserter (JavaScript, 1 star): Script to insert thousands of records into a smart contract mapping.
29. quillTrace (1 star): QuillTrace, supply chain smart contracts.
30. eosio-token (C++, 1 star): Standard EOSIO token contracts with test cases in Python created using EOSFactory.