Not-so-smart-contracts has moved into building-secure-contracts (see https://secure-contracts.com/)

(Not So) Smart Contracts

This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts. Use Not So Smart Contracts to learn about EVM and Solidity vulnerabilities, as a reference when performing security reviews, and as a benchmark for security and analysis tools.

Features

Each Not So Smart Contract includes a standard set of information:

Bonus! We have also included a repository and analysis of several honeypots.

Vulnerabilities

Bad randomness: The contract derives "randomness" from on-chain data such as block hashes or timestamps, which miners and users can predict or influence
Denial of Service: An attacker stalls contract execution by failing in a strategic way, for example a payee that reverts and so blocks a loop that pays every participant
Forced Ether Reception: Contracts can be forced to receive Ether (for example through selfdestruct), so logic that assumes an exact balance breaks
Incorrect Interface: The implementation uses function signatures that differ from the interface, so calls through the interface hit the wrong selector
Integer Overflow: EVM arithmetic wraps silently; Solidity only adds overflow checks by default from version 0.8.0
Race Condition: Pending transactions are visible before they are mined, so they can be frontrun
Reentrancy: Calling an external contract hands it control of execution before the caller's state updates are complete
Unchecked External Call: Low-level calls (call, send, delegatecall) return false instead of reverting, so failures go unnoticed unless the return value is checked
Unprotected Function: A missing access-control modifier lets anyone call a privileged function and manipulate the contract
Variable Shadowing: A local variable has the same name as one in an outer scope, so the code reads or writes the wrong one
Wrong Constructor Name: Before Solidity 0.4.22 the constructor was a function named after the contract; a misspelled one is an ordinary public function, so anyone can call it and become owner

Credits

These examples are developed and maintained by Trail of Bits. Contributions are encouraged and are covered under our bounty program.

If you have questions, problems, or just want to learn more, then join the #ethereum channel on the Empire Hacking Slack or contact us directly.