Smart Contract vulnerabilities

From Vulnerapedia

This article highlights some common smart contract vulnerabilities and the risks associated with them. Smart contracts are self-executing programs whose terms are written directly into code and enforced by the blockchain that runs them, such as Ethereum and other EVM-compatible chains. They offer numerous benefits, but they are not immune to vulnerabilities, and because deployed code is usually immutable and holds directly transferable assets, a single bug can be exploited permanently and irreversibly.

List of Smart Contract Vulnerabilities

Bridge vulnerabilities

Cryptography vulnerabilities

ERC-20 vulnerabilities

Fallback Receive vulnerabilities

Low Level Calls vulnerabilities

Math

MEV

Proxy vulnerabilities

Reentrancy

Signature replay

Solidity Compiler vulnerabilities

Vulnerabilities without category

Reentrancy Attacks

Reentrancy occurs when a contract makes an external call (for example, sending Ether to an address) before it has finished updating its own state. If the called address is a contract, its receive or fallback function runs and can call back into the vulnerable function while that function's checks still see the stale, pre-update state. An attacker repeats this re-entry to withdraw the same balance many times, draining the contract or corrupting its accounting. The standard defence is the checks-effects-interactions pattern (update state before any external call), usually backed by a reentrancy guard.

Risk: Loss of Funds

Reentrancy attacks can lead to the draining of funds from the contract, causing financial losses for users and developers.

Denial-of-Service (DoS) Attacks

DoS attacks aim to make a contract's functions unusable. On a blockchain this does not mean overloading a server; it means making a required transaction impossible to execute. Typical causes are a loop over an array that anyone can grow until its gas cost exceeds the block gas limit, an external call to an address that always reverts placed on a code path every other user depends on (for example, refunding the previous highest bidder inside the bid function), or leaving a shared state variable in a value the contract's logic can never recover from. One revert or one out-of-gas failure on a critical path is sufficient.

Risk: Contract Unavailability

DoS attacks can render the smart contract unresponsive, leading to service disruption and denial of access to legitimate users.
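The Solidity below is an added example, not from the original page, showing the two DoS shapes described above: an unbounded payout loop that anyone can grow past the block gas limit, and an auction whose push-style refund lets a griefer contract that rejects Ether become the permanent highest bidder. The hardened auction switches to pull payments so a recipient's behaviour cannot block anyone else. Names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original page). Illustrative names throughout.

// DoS via unbounded loop: registration is free, so the payees array grows
// until payoutAll() cannot fit in a block. Any single payee that rejects
// Ether also reverts the whole loop.
contract UnboundedPayout {
    address[] public payees;

    function register() external { payees.push(msg.sender); }

    function payoutAll() external {
        for (uint256 i = 0; i < payees.length; i++) {
            payable(payees[i]).transfer(1 wei); // reverts on failure, out-of-gas when array is large
        }
    }
}

// DoS via failing external call on a shared path.
contract VulnerableAuction {
    address public highestBidder;
    uint256 public highestBid;

    // BUG: the refund to the previous bidder is part of every new bid. If the
    // previous bidder's contract reverts on receipt, no one can ever outbid it.
    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            (bool ok, ) = highestBidder.call{value: highestBid}("");
            require(ok, "refund failed");
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }
}

// Griefer: places a bid, then refuses every refund, freezing VulnerableAuction.
contract Griefer {
    function bid(VulnerableAuction a) external payable { a.bid{value: msg.value}(); }
    receive() external payable { revert("no refunds"); }
}

// Hardened: pull payments. The loser's refund is recorded, not sent, and the
// loser withdraws it in their own transaction.
contract SafeAuction {
    address public highestBidder;
    uint256 public highestBid;
    mapping(address => uint256) public pendingReturns;

    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            pendingReturns[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }

    function withdrawRefund() external {
        uint256 amount = pendingReturns[msg.sender];
        require(amount > 0, "nothing owed");
        pendingReturns[msg.sender] = 0; // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The same pull pattern fixes UnboundedPayout: record each payee's entitlement in a mapping and let them claim it, so no transaction ever iterates over attacker-controlled state.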

Front-Running Attacks

Front-running attacks exploit the fact that a transaction is publicly visible in the mempool before it is included in a block. An observer who sees a pending transaction can submit their own with a higher gas price, or pay a block builder for ordering, so that it executes first: copying a profitable action, moving a price before the victim's trade settles, or sandwiching the victim's transaction with a buy and a sell. This is a form of MEV rather than a bug in any one contract, and mitigations are design-level: commit-reveal schemes, slippage limits and deadlines on trades, and private transaction relays.

Risk: Unfair Advantage

Front-running can lead to unfair advantages, causing potential financial losses or manipulation of contract results.
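As an added example (not from the original page), the Solidity below shows a prize contract that is trivially front-run because the winning input is visible in the pending transaction, next to a commit-reveal version in which the commitment is bound to the sender and must age before it can be revealed. Contract names, the reveal delay and the hashing scheme are illustrative choices, not the page's.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original page). Illustrative names throughout.

// BUG: the plaintext answer is in the calldata of the pending transaction.
// A front-runner copies it, pays a higher gas price, and collects the prize first.
contract VulnerableGuess {
    bytes32 public immutable answerHash;

    constructor(bytes32 _answerHash) payable { answerHash = _answerHash; }

    function guess(string calldata word) external {
        require(keccak256(bytes(word)) == answerHash, "wrong");
        payable(msg.sender).transfer(address(this).balance);
    }
}

// Hardened with commit-reveal.
contract CommitRevealGuess {
    bytes32 public immutable answerHash;
    uint256 public constant REVEAL_DELAY = 10; // blocks; illustrative value

    struct Commit { bytes32 hash; uint256 blockNumber; }
    mapping(address => Commit) public commits;

    constructor(bytes32 _answerHash) payable { answerHash = _answerHash; }

    // Phase 1: publish only H(word, salt, sender). Including msg.sender means a
    // copied commitment is worthless to anyone else; the salt hides short words.
    function commit(bytes32 h) external {
        commits[msg.sender] = Commit(h, block.number);
    }

    // Phase 2: reveal after the delay. A front-runner who sees this reveal in the
    // mempool has no commitment of their own that is already old enough.
    function reveal(string calldata word, bytes32 salt) external {
        Commit memory c = commits[msg.sender];
        require(c.hash != bytes32(0), "no commit");
        require(block.number >= c.blockNumber + REVEAL_DELAY, "too early");
        require(
            keccak256(abi.encodePacked(word, salt, msg.sender)) == c.hash,
            "reveal does not match commit"
        );
        require(keccak256(bytes(word)) == answerHash, "wrong");
        delete commits[msg.sender];
        payable(msg.sender).transfer(address(this).balance);
    }
}
```

Commit-reveal removes the information advantage, not ordering itself: two honest players who both know the answer still race at the commit stage. That residual ordering game is the MEV problem the page lists as its own category.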

Unchecked External Calls

Smart contracts routinely interact with other contracts and addresses, and two related mistakes recur. First, the low-level primitives call, send and delegatecall do not revert when the callee fails; they return a boolean. If that value is ignored, a failed transfer or call is silently treated as success and the contract's state diverges from what actually happened, for example a balance zeroed for a payment that never arrived. Second, delegatecall runs the target's code with the calling contract's storage, balance and msg.sender, so delegating to an address an attacker can influence lets them execute arbitrary code in the contract's own context. Prefer Solidity's high-level calls, check every low-level return value, and only delegatecall to addresses fixed at deployment or managed by a trusted upgrade mechanism.

Risk: Unauthorized Actions

Unchecked external calls can result in unauthorized actions, enabling attackers to tamper with the contract state or steal funds.
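The Solidity below is an added example, not from the original page. It collects the three unchecked-call mistakes described above in one contract (ignored send() result, discarded call() flag, delegatecall to a caller-chosen target) and shows a hardened counterpart that checks and bubbles up failures and pins the delegatecall target at deployment. Names are illustrative, and the hardened execute() still needs access control appropriate to the deployment, which is omitted here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original page). Illustrative names throughout.

contract UncheckedCalls {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // BUG 1: send() returns false on failure instead of reverting. The balance is
    // already zero, so a recipient whose receive() reverts simply loses the funds.
    function withdrawSend() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).send(amount); // return value ignored
    }

    // BUG 2: the low-level call's success flag is discarded (compiler warns, still compiles).
    function withdrawCall() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        msg.sender.call{value: amount}(""); // (bool ok, ) dropped
    }

    // BUG 3: delegatecall to a caller-supplied address runs arbitrary code with
    // this contract's storage slots (including balances) and its Ether.
    function execute(address target, bytes calldata data) external {
        (bool ok, ) = target.delegatecall(data);
        require(ok, "delegatecall failed");
    }
}

contract CheckedCalls {
    mapping(address => uint256) public balances;
    address public immutable logic; // pinned, audited delegatecall target

    constructor(address _logic) { logic = _logic; }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Check the flag; on failure revert so the balance update is rolled back,
    // bubbling up the callee's revert reason rather than swallowing it.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, bytes memory ret) = msg.sender.call{value: amount}("");
        if (!ok) {
            if (ret.length > 0) {
                assembly { revert(add(ret, 32), mload(ret)) }
            }
            revert("transfer failed");
        }
    }

    // Delegatecall only to the address fixed at deployment, never one chosen by the caller.
    function execute(bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = logic.delegatecall(data);
        require(ok, "delegatecall failed");
        return ret;
    }
}
```

The difference between withdrawSend() and the hardened withdraw() is the whole point: in the former a failed transfer leaves the user with a zero balance and no Ether, in the latter the revert restores the balance and the user can try again from a different address.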