Solidity Smart Contract Attack Vectors:

This repository contains a list of Solidity attack vectors. It includes most Solidity vulnerabilities, collected from various sources such as the SWC Registry, DeFi threat, DASP Top-10 and content from across the Internet. You can click each attack vector to find details about it. This repository will be actively maintained and updated by QuillAudits.

If you find any attack vectors missing, you can create a pull request and become a contributor to the project.


| Serial No. | Attack Vectors |
|---|---|
| 1 | Access Control Checks on Critical Function |
| 2 | Account Existence Check for low level calls |
| 3 | Arithmetic Over/Under Flows |
| 4 | Assert Violation |
| 5 | Authorization through tx.origin |
| 6 | Bad Source of Randomness |
| 7 | Block Timestamp manipulation |
| 8 | Bypass Contract Size Check |
| 9 | Code With No Effects |
| 10 | Delegatecall |
| 11 | Delegatecall to Untrusted Callee |
| 12 | DoS with (Unexpected) revert |
| 13 | DoS with Block Gas Limit |
| 14 | Logical Issues |
| 15 | Entropy Illusion |
| 16 | Function Selector Abuse |
| 17 | Floating Point and Numerical Precision |
| 18 | Floating Pragma |
| 19 | Forcibly Sending Ether to a Contract |
| 20 | Function Default Visibility |
| 21 | Hash Collisions With Multiple Variable Length Arguments |
| 22 | Improper Array Deletion |
| 23 | Incorrect interface |
| 24 | Insufficient gas griefing |
| 25 | Unsafe Ownership Transfer |
| 26 | Loop through long arrays |
| 27 | Message call with hardcoded gas amount |
| 28 | Outdated Compiler Version |
| 29 | Precision Loss in Calculations |
| 30 | Price Manipulation |
| 31 | Hiding Malicious Code with External Contract |
| 32 | Public burn() function |
| 33 | Race Conditions / Front Running |
| 34 | Re-entrancy |
| 35 | Requirement Violation |
| 36 | Right-To-Left-Override control character (U+202E) |
| 37 | Shadowing State Variables |
| 38 | Short Address/Parameter Attack |
| 39 | Signature Malleability |
| 40 | Signature Replay Attacks |
| 41 | State Variable Default Visibility |
| 42 | Transaction Order Dependence |
| 43 | Typographical Error |
| 44 | Unchecked Call Return Value |
| 45 | Unencrypted Private Data On-Chain |
| 46 | Unexpected Ether balance |
| 47 | Uninitialized Storage Pointer |
| 48 | Unprotected Ether Withdrawal |
| 49 | Unprotected SELFDESTRUCT Instruction |
| 50 | Unprotected Upgrades |
| 51 | Unused Variable |
| 52 | Use of Deprecated Solidity Functions |
| 53 | Write to Arbitrary Storage Location |
| 54 | Wrong inheritance |

References:

SWC Registry

DeFi-Threat

Runtimeverification - List-of-Security-Vulnerabilties

DASP-Top 10