Smart Contract Vulnerabilities

A collection of smart contract vulnerabilities along with prevention methods

Access Control

• Authorization Through tx.origin
• Insufficient Access Control
• Delegatecall to Untrusted Callee
• Signature Malleability
• Missing Protection against Signature Replay Attacks

Math

• Integer Overflow and Underflow
• Off-By-One
• Lack of Precision

Control Flow

• Reentrancy
• DoS with Block Gas Limit
• DoS with (Unexpected) revert
• Using msg.value in a Loop
• Transaction-Ordering Dependence
• Insufficient Gas Griefing

Data Handling

• Unchecked Return Value
• Write to Arbitrary Storage Location
• Unbounded Return Data
• Uninitialized Storage Pointer
• Unexpected ecrecover null address

Unsafe Logic

• Weak Sources of Randomness from Chain Attributes
• Hash Collision when using abi.encodePacked() with Multiple Variable-Length Arguments
• Timestamp Dependence
• Unsafe Low-Level Call
• Unsupported Opcodes
• Unencrypted Private Data On-Chain
• Asserting Contract from Code Size

Code Quality

• Floating Pragma
• Outdated Compiler Version
• Use of Deprecated Functions
• Incorrect Constructor Name
• Shadowing State Variables
• Incorrect Inheritance Order
• Presence of Unused Variables
• Default Visibility
• Inadherence to Standards
• Assert Violation
• Requirement Violation