Smart Contract Vulnerabilities
A collection of smart contract vulnerabilities along with prevention methods
Access Control
- Authorization Through tx.origin
- Insufficient Access Control
- Delegatecall to Untrusted Callee
- Signature Malleability
- Missing Protection against Signature Replay Attacks
Math
Control Flow
- Reentrancy
- DoS with Block Gas Limit
- DoS with (Unexpected) revert
- Using msg.value in a Loop
- Transaction-Ordering Dependence
- Insufficient Gas Griefing
Data Handling
- Unchecked Return Value
- Write to Arbitrary Storage Location
- Unbounded Return Data
- Uninitialized Storage Pointer
- Unexpected ecrecover null address
Unsafe Logic
- Weak Sources of Randomness from Chain Attributes
- Hash Collision when using abi.encodePacked() with Multiple Variable-Length Arguments
- Timestamp Dependence
- Unsafe Low-Level Call
- Unsupported Opcodes
- Unencrypted Private Data On-Chain
- Asserting Contract from Code Size