Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Swift

Shell

Zig

Elixir

Rust

C#

CoffeeScript

Go

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Crystal

Swift

Erlang

Nix

MATLAB

Python

Kotlin

Dart

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇬🇭 Ghana

🇱🇻 Latvia

🇲🇽 Mexico

🇸🇱 Sierra Leone

🇦🇬 Antigua and Barbuda

🇬🇵 Guadeloupe

🇿🇲 Zambia

🇵🇼 Palau

All Countries Compare Countries

crytic/not-so-smart-contracts

This repository has been archived on 24/Feb/2023
Stars
2,150
Rank 21,457 (Top 0.5 %)
Language
Solidity
License
Apache License 2.0
Created about 7 years ago
Updated over 1 year ago

crytic/not-so-smart-contracts

crytic

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Examples of Solidity security issues

No-so-smart-contracts is now in building-secure-contracts (see https://secure-contracts.com/)

(Not So) Smart Contracts

This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts. Use Not So Smart Contracts to learn about EVM and Solidity vulnerabilities, as a reference when performing security reviews, and as a benchmark for security and analysis tools.

Features

Each Not So Smart Contract includes a standard set of information:

Description of the unique vulnerability type
Attack scenarios to exploit the vulnerability
Recommendations to eliminate or mitigate the vulnerability
Real-world contracts that exhibit the flaw
References to third-party resources with more information

Bonus! We have also included a repository and analysis of several honeypots.

Vulnerabilities

Not So Smart Contract	Description
Bad randomness	Contract attempts to get on-chain randomness, which can be manipulated by users
Denial of Service	Attacker stalls contract execution by failing in strategic way
Forced Ether Reception	Contracts can be forced to receive Ether
Incorrect Interface	Implementation uses different function signatures than interface
Integer Overflow	Arithmetic in Solidity (or EVM) is not safe by default
Race Condition	Transactions can be frontrun on the blockchain
Reentrancy	Calling external contracts gives them control over execution
Unchecked External Call	Some Solidity operations silently fail
Unprotected Function	Failure to use function modifier allows attacker to manipulate contract
Variable Shadowing	Local variable name is identical to one in outer scope
Wrong Constructor Name	Anyone can become owner of contract due to missing constructor

Credits

These examples are developed and maintained by Trail of Bits. Contributions are encouraged and are covered under our bounty program.

If you have questions, problems, or just want to learn more, then join the #ethereum channel on the Empire Hacking Slack or contact us directly.

slither

Static Analyzer for Solidity and Vyper

echidna

Ethereum smart contract fuzzer

building-secure-contracts

Guidelines and training material to write secure smart contracts

awesome-ethereum-security

A curated list of awesome Ethereum security references

evm-opcodes

Ethereum opcodes and instruction reference

ethersplay

EVM dissassembler

solc-select

Manage and switch between Solidity compiler versions

blockchain-security-contacts

Directory of security contacts for blockchain companies

pyevmasm

Ethereum Virtual Machine (EVM) disassembler and assembler

rattle

evm binary static analysis

etheno

Simplify Ethereum security analysis and testing

ida-evm

IDA Processor Module for the Ethereum Virtual Machine (EVM)

medusa

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum

properties

Pre-built security properties for common Ethereum operations

crytic-compile

Abstraction layer for smart contract build systems

amarna

Amarna is a static-analyzer and linter for the Cairo programming language.

caracal

Static Analyzer for Starknet smart contracts

slither-action

evm_cfg_builder

EVM CFG recovery

echidna-streaming-series

A 6-part series on how to use Echidna on real-world codebases

optik

Optik is a set of symbolic execution tools that assist smart-contract fuzzers

fuzz-utils

A tool to automatically generate Foundry unit test cases from Echidna and Medusa failed properties

roundme

tayt

StarkNet smart contract fuzzer

diffusc

Experimental tool to ease the review of smart contracts upgrades

tealer

Static Analyzer for Teal

echidna-action

GitHub Action to run Echidna, the Ethereum smart contract fuzzer

attacknet

Tool and testing methodology for subjecting blockchain devnets to simulated network and side channel attacks

fluxture

A crawling framework for blockchains and peer-to-peer systems

secureum-medusa

echidna-spearbit-demo

Example code for testing using Echidna explained during the Spearbit presentation

slither-docs-action

Write documentation for your code in pull requests using Slither and OpenAI.

solana-lints

Lints based on the Sealevel Attacks

contract-explorer

Visual Studio Code integration for Slither, a Solidity static analysis framework

echidna-parade

trailofbits-security

The Trail of Bits Truffle Security Toolbox

whipstaff

A specification of the CBC Casper consensus protocols written in TLA+ and PlusCal (transpiled to TLA+)

cloudexec

A general purpose foundation for cloud-based fuzzing and mutation testing jobs

damn-vulnerable-defi-echidna

slither-docs-demo

A demo on how to use the slither-docs actions (https://github.com/crytic/slither-docs-action)

medusa-geth

A go-ethereum fork enabling additional testing capabilities for medusa

amarna-action

Github action for the Amarna static analyzer

slightly-smarter-contracts

vscode-starknet-explorer

StarkNet support extension for VSCode. Visualize StarkNet contracts: view storage variables, external and view functions, and events.

solc

fuzz-vs-fv

embark-contract-info

embark-contract-info

addressarrayutils_demo

Demonstration for using echidna to test a Solidity library

remix-plugin-8000

ethdam

slither-workshop

Slither workshop (secureum)

slither-lsp