The Smart Contract Security Field Guide for Hackers¶
Security has never been more critical in the rapidly evolving world of blockchain technology. Understanding the wide range of attacks on smart contracts is vital for developers, auditors, and bug bounty hunters. This collection of articles tries to serve as an educational resource to cultivate offensive security skills in the community and help identify and prevent common vulnerabilities in smart contract systems.
| Category | Description |
|---|---|
| ABI Hash Collisions | Insights into the consequences of ABI hash collisions on smart contracts. |
| Ambiguous Evaluation Order | Solidity's ambiguous evaluation order and potential weaknesses. |
| Approval Vulnerabilities | Token approvals, their security risks, and concrete exploits that result in the loss of user funds. |
| Exposed Data | The dangers of storing PII and related artifacts on-chain. |
| Frontrunning | The role of frontrunning in blockchain and related potential exploits. |
| Griefing | The implications of griefing for the operations of smart contracts. |
| Incorrect Parameter Order | The common pitfall of providing a set of parameters ordered differently than expected. |
| Oracle Manipulation Attacks | Security vulnerabilities associated with centralized and decentralized oracles. |
| Reentrancy Attacks | The threat of reentrancy attacks to the security of smart contracts. |
| Signature-related Attacks | How malfunctioning signature validation can compromise smart contracts. |
| Unexpected Ether Transfers | Risks and precautions related to unexpected Ether transfers in smart contracts. |