Solidity Security Vulnerabilities: Unexpected Ether

A contract may be vulnerable if it incorrectly uses address(this).balance. I modified the EtherGame contract from wrote the Player and Attacker contract to demonstrate this vulnerability. How to Test: Deploy EtherGame and note the contract’s address. Deploy the Player contract with 5 Ether and pass the address of EtherGame’s address to the constructor. Deploy …

Solidity Security Vulnerabilities: Arithmetic Over/Under Flows

Prior to v0.8.1, Solidity contracts were vulnerable to over/underflow attacks. This vulnerability allowed the mathematical operations +, – and * to be exploited if the attacker could control the value of at least one operand. A demo for over/underflow behaviour is provided below: To see the vulnerability in action, let's see the contract from one …

Solidity Security Vulnerabilities

Here is a list of smart contract security vulnerabilities I made while going through this blog post by Sigma Prime: Some vulnerabilities have been fixed since the blog was published and I have highlighted the same wherever necessary. This is going to be a series of posts, listed below: …

Solidity Security Vulnerabilities: Re-Entrancy

Re-entrancy, as the name suggests, is when a Contract A calls a function in an untrusted contract B which then calls A again maliciously. In the example I provide below, the contract named “Vulnerable” is a faucet that provides 10 wei per week to any caller. Our “Attacker” contract exploits the fact that: The Vulnerable …

Hello World or How I learned Solidity Security Principles

This is a list of resources that I used in my journey towards learning about Ethereum, Solidity and its security landscape: If you are like me and want to begin by learning about blockchain fundamentals then start with this intro: For a deep dive into Ethereum, read the first 6 chapters of the Mastering …