LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Top 10 smart contract vulnerabilities on Ethereum

1 year ago 70
BOOK THIS SPACE FOR AD
ARTICLE AD
Photo by Nenad Novaković on Unsplash

NCC group started an initiative called DASP for Decentralized Application Security Project in 2018. It covers the top 10 vulnerabilities found in smart contracts running on the Ethereum blockchain.

This is a quick summary of the top 10:

Reentrancy: Occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete. For example, we call to another function before to update the contract value.Access Control: When the smart contract is created the owner has to be setup properly and afterwards enough controls have to be in place to allow certain functions to be executed only by the owner.Arithmetic Issues: Integer underflows or overflows might be an issue when dealing with the contract’s value.Unchecked Return Values For Low Level Calls: Low level functions call(), callcode(), delegatecall() and send() can return false. We must verify the return value before assume that it was executed successfully.Denial of Service: When dealing with smart contracts, gas prices are important. In a DOS attack for smart contracts, the gas price is higher than the maximum gas price allowed. Therefore, the contract cannot be run.Bad Randomness: Smart contracts are publicly open on the blockchain. Do not codify any pseudo-random logic on them and use an external oracle as a source of entropy.Front-Running (Race conditions): Users can specify higher fees to have their transactions mined more quickly than others. A malicious user can overrun another transaction by sending their transaction with higher fees to preempt the original transaction.Time manipulation: If there is a time dependency built-in in the smart contract, a malicious miner could hold their stake to adapt to the specified timestamp.Short Address Attack: Smart contract addresses are uint256, if a developer only uses uint the EVM will pad with zeroes the remaining bytes manipulating the recipient address.Unknown Unknowns: Solidity is a new computer language… anything can happen.

More info: https://www.dasp.co/

https://swcregistry.io/

Read Entire Article
  3. Top 10 smart contract vulnerabilities on Ethereum

Related

Unraveling the Web of Price Manipulation Safeguarding Fairness in Markets

Unraveling the Web of Price Manipulation Safeguarding Fairness in Markets

Unveiling Order Processing Vulnerabilities Protecting Your Business in the Digital Era

Unveiling Order Processing Vulnerabilities Protecting Your Business in the Digital Era

5 bugs in one program $$$

5 bugs in one program $$$

Multiple Business Logic Errors in APPLE music/TV allowing bypass of parental controls

Multiple Business Logic Errors in APPLE music/TV allowing bypass of parental controls

Gaining Control: How Response Manipulation Leads to Higher Privileges (PoC)

Gaining Control: How Response Manipulation Leads to Higher Privileges (PoC)

A Arte de Explorar SQL Injection: Uma abordagem profunda

A Arte de Explorar SQL Injection: Uma abordagem profunda

Trending

1. Inter Miami
2. Bridgerton Season 3
3. Chelsea
4. Man United vs Newcastle
5. Sandeep Lamichhane
6. Nirmala Sitharaman
7. Harshal Patel
8. Slovakia
9. RBSE 10th Result 2024
10. Madhavi Raje

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved