aaruni

A contract may be vulnerable if it incorrectly uses address(this).balance. I modified the EtherGame contract from https://github.com/sigp/solidity-security-blog#3-unexpected-ether-1 wrote the Player and Attacker contact to demonstrate this vulnerability. How to Test: Deploy EtherGame and note the contract’s address Deploy the Player contract with 5 Ether and pass the address of EtherGame’s address to the constructor Deploy … Read more

Prior to v0.8.1, Solidity contracts were vulnerable to over/underflow attacks. This vulnerability caused mathematical operations of +, – and * to be exploited if the attacker can control the value of at least one operand. A demo for over/underflow behaviour is provided below: To see the vulnerability in action, lets see the contract from one … Read more

Here is a list of smart contract security vulnerabilities I made while going through this blog post by Sigma Prime: https://blog.sigmaprime.io/solidity-security.html. Some vulnerabilities have been fixed since the blog was published and I have highlighted the same where ever necessary. This is going to be a series of posts, listed below: https://aaruni.io/2022/08/solidity-security-vulnerabilities-re-entrancy https://aaruni.io/2022/08/solidity-security-vulnerabilities-arithmetic-over-under-flows https://aaruni.io/2022/08/solidity-security-vulnerabilities-unexpected-ether https://aaruni.io/2022/08/solidity-security-vulnerabilities-tx-origin-authentication … Read more

Re-entrancy, as the name suggests, is when a Contract A calls a function in an untrusted contract B which then calls A again maliciously. In the example I provide below, the contract named “Vulnerable” is a faucet that provides 10 wei per week to any caller. Our “Attacker” contract exploits the fact that: The Vulnerable … Read more