Most common smart contracts vulnerabilities
Published in
6 min readJan 24, 2023
- Reentrancy: This vulnerability occurs when a contract calls an external contract and the external contract calls back into the first contract before the first contract has finished executing. This can allow an attacker to repeatedly execute malicious code in the contract and potentially drain the contract’s funds.
- Unchecked send: This vulnerability occurs when a contract sends funds to an external contract without checking the return value of the send function. If the send function fails (e.g. because the recipient contract is invalid), the funds will be lost.
- Integer overflow/underflow: This vulnerability occurs when an arithmetic operation produces a result that is larger or smaller than the maximum or minimum value that the variable type can represent. This can allow an attacker to manipulate the contract’s state in unintended ways.
- Uninitialized storage pointers: This vulnerability occurs when a contract accesses storage data that has not been properly initialized. This can lead to arbitrary read and write vulnerabilities.
- Lack of access control: This vulnerability occurs when a contract does not properly restrict access to certain functions or data. This can allow an attacker to call functions or read data that they should not have access to.
- Insecure randomness: This vulnerability occurs when a contract uses an insecure source of randomness, such as the block hash or timestamp, to generate random numbers. This can allow an attacker to predict the numbers and potentially manipulate the contract’s behavior.
- Denial of service (DoS): This vulnerability occurs when a contract does not properly handle exceptional conditions or exceptional input. An attacker can exploit this vulnerability by sending input or causing conditions that cause the contract to enter an infinite loop or otherwise consume all available resources, rendering the contract unable to function properly.
- Short address attack, also known as a “padding oracle attack,” is a vulnerability that can occur in smart contracts that use address validation functions to check the length of an address before performing certain actions. The vulnerability occurs when a smart contract checks the length of an Ethereum address, which is usually 20…
