{"id":48898117,"url":"https://github.com/harendra-shakya/smart-contract-attack-vectors","last_synced_at":"2026-04-16T12:07:27.040Z","repository":{"id":113486115,"uuid":"561939279","full_name":"harendra-shakya/smart-contract-attack-vectors","owner":"harendra-shakya","description":"A curated list of smart contract attack vectors","archived":false,"fork":false,"pushed_at":"2024-08-23T16:52:29.000Z","size":72,"stargazers_count":487,"open_issues_count":0,"forks_count":101,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-08-23T18:44:34.609Z","etag":null,"topics":["attack-vector","attack-vectors","auditing","best-practices","binance-smart-chain","defi","ethereum","evm","polygon","security","smart-contract","smart-contract-security","smart-contracts","smart-contracts-audit","solidity"],"latest_commit_sha":null,"homepage":"https://github.com/harendra-shakya/support/blob/main/README.md","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/harendra-shakya.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"harendra-shakya"}},"created_at":"2022-11-04T21:04:21.000Z","updated_at":"2024-08-23T16:52:32.000Z","dependencies_parsed_at":"2024-08-23T18:36:23.561Z","dependency_job_id":null,"html_url":"https://github.com/harendra-shakya/smart-contract-attack-vectors","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/harendra-shakya/smart-contract-attack-vectors","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harend
ra-shakya%2Fsmart-contract-attack-vectors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harendra-shakya%2Fsmart-contract-attack-vectors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harendra-shakya%2Fsmart-contract-attack-vectors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harendra-shakya%2Fsmart-contract-attack-vectors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/harendra-shakya","download_url":"https://codeload.github.com/harendra-shakya/smart-contract-attack-vectors/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harendra-shakya%2Fsmart-contract-attack-vectors/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31884966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T11:36:10.202Z","status":"ssl_error","status_checked_at":"2026-04-16T11:36:09.652Z","response_time":69,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack-vector","attack-vectors","auditing","best-practices","binance-smart-chain","defi","ethereum","evm","polygon","security","smart-contract","smart-contract-security","smart-contracts","smart-contracts-audit","solidity"],"created_at":"2026-04-16T12:07:26.355Z","updated_at":"2026-04-16T12:07:27.027Z","avatar_url":"https://github.com/harendra-shakya.png","language":null,"funding_links":["https://github.com/sponsors/harendra-shakya"],"categories":[],"sub_categories":[],"readme":"# Smart contract attack vectors\n\nThe goal of this repository is to compile all possible smart contract vulnerabilities and resources for learning about them.\n\nFeel free to submit a pull request, with anything from small fixes to docs or tools you'd like to add.\n\n[![Support Project](https://img.shields.io/badge/Support-Project-critical)](https://github.com/harendra-shakya/support/blob/main/README.md)\n\n## List of Security Vulnerabilities\n\n- [Access Control](attack-vectors/Access_Control.md)\n  - [Authentication With tx.origin](attack-vectors/Access_Control.md/#authentication-with-txorigin)\n  - [Default Visibility](attack-vectors/Access_Control.md/#default-visibility)\n  - [Signature Verification](attack-vectors/Access_Control.md/#signature-verification)\n  - [Unprotected Ether Withdrawal](attack-vectors/Access_Control.md/#unprotected-ether-withdrawal)\n  - [Unprotected SELFDESTRUCT Instruction](attack-vectors/Access_Control.md/#unprotected-selfdestruct-instruction)\n  - [Missed 
Modifier](attack-vectors/Access_Control.md/#missed-modifier)\n  - [Incorrect Modifier Names](attack-vectors/Access_Control.md/#incorrect-modifier-names)\n  - [Overpowered Roles](attack-vectors/Access_Control.md/#overpowered-roles)\n- [Account Existence Check for low level calls](attack-vectors/Account_Existence_Check_for_low_level_calls.md)\n- [Arbitrary Jumps with Function Variables](attack-vectors/Arbitrary_Jumps_with_Function_Variables.md)\n- [Assert Violation](attack-vectors/Assert_Violation.md)\n- [Bypass Contract Size Check](attack-vectors/Bypass_Contract_Size_Check.md)\n- [Code With No Effects](attack-vectors/Code_With_No_Effects.md)\n- [Complex Modifiers](attack-vectors/Complex_Modifiers.md)\n- [DOS](attack-vectors/DOS.md)\n  - [Unexpected Revert](attack-vectors/DOS.md/#unexpected-revert)\n  - [Block Gas Limit](attack-vectors/DOS.md/#block-gas-limit)\n  - [External Calls without Gas Stipends](attack-vectors/DOS.md/#external-calls-without-gas-stipends)\n- [Dirty Higher Order Bits](attack-vectors/Dirty_Higher_Order_Bits.md)\n- [Entropy Illusion / Insecure Randomness](attack-vectors/Entropy_Illusion.md)\n- [Experimental Language Features](attack-vectors/Experimental_Language_Features.md)\n- [External Contract Referencing](attack-vectors/External_Contrac_Referencing.md)\n- [Flash Loan Attacks](attack-vectors/Flash_Loan_Attack.md)\n- [Floating Point Arithmetic](attack-vectors/Floating_Point_Arithmetic.md)\n- [Frontend (Off Chain) Attacks](\u003cattack-vectors/Frontend_(Off_Chain)_Attacks.md\u003e)\n  - [Short Address Attack](\u003cattack-vectors/Frontend_(Off_Chain)_Attacks.md/\u003e)\n- [Force Feeding](attack-vectors/Force_Feeding.md)\n- [Function Selector Abuse](attack-vectors/Function_Selector_Abuse.md)\n- [Griefing](attack-vectors/Griefing.md)\n- [Hiding Malicious Code](attack-vectors/Hidden_malicious_code.md)\n- [Historic Attacks](attack-vectors/Historic_Attacks.md)\n  - [Constructor Names](attack-vectors/Historic_Attacks.md/#constructor-names)\n  - [Call 
Depth Attack](attack-vectors/Historic_Attacks.md/#constructor-names)\n  - [Solidity Abi Encoder v2 Bug](attack-vectors/Historic_Attacks.md/#solidity-abi-encoder-v2-bug)\n- [Improper Array Deletion](attack-vectors/Improper_Array_Deletion.md)\n- [Incorrect Interface](attack-vectors/Incorrect_Interface.md)\n- [Insufficient Gas Attacks](attack-vectors/Insufficient_Gas_Attacks.md)\n- [Integer Arithmetic](attack-vectors/Integer_Arithmetic.md)\n- [Loop through long arrays](attack-vectors/Loop_through_long_arrays.md)\n- [Message call with hardcoded gas amount](attack-vectors/Message_call_with_hardcoded_gas_amount.md)\n- [Miner Attacks](attack-vectors/Miners_Attack.md)\n  - [Transaction Ordering / Frontrunning](attack-vectors/Miners_Attack.md/#transaction-ordering--frontrunning)\n  - [Timestamp Manipulation](attack-vectors/Miners_Attack.md/#timestamp-manipulation)\n- [Offline Owner](attack-vectors/Offline_Owner.md)\n- [Oracle Manipulation](attack-vectors/Oracle_Manipulation.md)\n- [Outdated Compiler](attack-vectors/Outdated_Compiler.md)\n- [Payable Multicall](attack-vectors/Payable_Multicall.md)\n- [Precision Loss in Calculations](attack-vectors/Precision_Loss_in_Calculations.md)\n- [Privacy Illusion](attack-vectors/Privacy_Illusion.md)\n- [Proxy Storage Collision](attack-vectors/Proxy_Storage_Collision.md)\n- [Reentrancy](attack-vectors/Reentrancy.md)\n- [Right-To-Left-Override control character (U+202E)](\u003cattack-vectors/Right-To-Left-Override_control_character_(U%2B202E).md\u003e)\n- [Sandwich Attacks](attack-vectors/Sandwich_Attack.md)\n- [Signature Replay](attack-vectors/Signature_Replay.md)\n- [Unchecked External Calls](attack-vectors/Unchecked_External_Calls.md)\n- [Uninitialized Storage Pointers](attack-vectors/Uninitialized_Storage_Pointers.md)\n- [Unprotected Upgrades](attack-vectors/Unprotected_Upgrades.md)\n- [Unsafe Delegatecalls](attack-vectors/Unsafe_Delegatecall.md)\n- [Unused Variable](attack-vectors/Unused_Variable.md)\n- [Use of Deprecated Solidity 
Functions](attack-vectors/Use_of_Deprecated_Solidity_Functions.md)\n- [Variable Shadowing](attack-vectors/Variable_Shadowing.md)\n- [Writes to Arbitrary Storage Locations](attack-vectors/Writes_to_Arbitrary_Storage_Locations.md)\n- [Wrong inheritance](attack-vectors/Wrong_inheritance.md)\n\n#\n\n## [CTFs](tools-and-ctfs/CTFs.md)\n\n## [Security Tools](tools-and-ctfs/Web3_Security_Tools.md)\n\n## Articles / Papers to read\n\n- Blockchain Security Roadmap - https://lnkd.in/gPw7Nf4J\n\n- The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts - https://lnkd.in/gnzDrXaH\n\n- BLOCKEYE - Hunting For DeFi Attacks on Blockchain - https://lnkd.in/gvxmW8Hu\n\n- Topological Anomaly Detection in Dynamic Multilayer Blockchain Networks - https://lnkd.in/gPG6vrAM\n\n- Verification of the Incremental Merkle Tree Algorithm with Dafny - https://lnkd.in/gfk3YrEd\n\n- GoHammer Blockchain Performance Test Tool - https://lnkd.in/gHhjWdHj\n\n- EtherClue: Digital investigation of attacks on Ethereum smart contracts - https://lnkd.in/gvuaaKaT\n\n- Requirement Analyses and Evaluations of Blockchain Platforms per Possible Use Cases - https://lnkd.in/g7G9Rpxj\n\n- A Note on Privacy in Constant Function Market Makers - https://lnkd.in/guEEV7Gm\n\n- An approach to detect Denial of Service Vulnerability in Ethereum Smart Contracts - https://lnkd.in/gT3C-9fq\n\n- AGSolT: a Tool for Automated Test-Case Generation for Solidity Smart Contracts - https://lnkd.in/gYDvEndF\n\n- Reentrancy Vulnerability Identification in Ethereum Smart Contracts - https://lnkd.in/g6EVMjpg\n\n- Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities - https://lnkd.in/gqTS47JW\n\n- SuMo: A Mutation Testing Strategy for Solidity Smart Contracts - https://lnkd.in/gm_ut_ev\n\n- A Framework and DataSet for Bugs in Ethereum Smart Contracts - https://lnkd.in/gGNzC8iz\n\n- Extracting Smart Contracts Tested and Verified in 
Coq - https://lnkd.in/gYv2VgFJ\n\n- Trustless, privacy-preserving blockchain bridges - https://lnkd.in/gxzndTd2\n\n- Security checklists for Ethereum smart contract development: patterns and best practices - https://lnkd.in/grF8DuMU\n\n- Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning - https://lnkd.in/gpbsEGve\n\n- Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts - https://lnkd.in/g38PzXy3\n\n- OptSmart: A Space Efficient Optimistic Concurrent Execution of Smart Contracts - https://lnkd.in/gFJhgamn\n\n- DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode - https://lnkd.in/gKNNN34h\n\n- Profiling Gas Leaks in Solidity Smart Contracts - https://lnkd.in/g2dMHYac\n\n- Ethereum SmartContract Vulnerability Detection using Deep Neural Network and Transfer Learning - https://lnkd.in/gV8Thsxe\n\n## Other useful resources\n\n- [The Auditors Book](https://theauditorbook.com/)\n\n- [CryptoFin Solidity Auditing Checklist](https://github.com/cryptofinlabs/audit-checklist)\n\n- [SWC Registry](https://swcregistry.io/)\n\n- [Trail of Bits Reference List](https://github.com/crytic/awesome-ethereum-security)\n\n## Support Me\n\nYour support is crucial to help me continue doing what I love - educating DeFi \u0026 Crypto users.\n\nIf you find value in my work and want to support it, you can send me a donation at one of the addresses below -\n\n- Ethereum/Polygon/BSC/Arbitrum/etc. Address – [**0xB8B14B7f0E4dF000f0654aF98498d52e567F2bfE**](https://etherscan.io/address/0xB8B14B7f0E4dF000f0654aF98498d52e567F2bfE)\n\n- Solana Address – **2fM5d1cupj2Mceh1wSYTrq1PSz2JbTbcYipJ4RxRSgMB**\n\n- Bitcoin – [**bc1q5nmjw8x40upjd3k9akpmtj682xa3zus7sr7rm3**](https://blockchair.com/bitcoin/address/bc1q5nmjw8x40upjd3k9akpmtj682xa3zus7sr7rm3)\n\n- DogeCoin - **DPFhZeZkybzLZj3ReJPdWHnDzv1zU5pugA**\n\n- LiteCoin - **ltc1qzs3tj276zdjtuv5qy7aww3cc3frus8yvjdukln**\n\n- [Binance Referral 
Link](https://accounts.binance.com/en/register?ref=515918935)\n\nMany thanks to every single one of you! Your support enables me to create more content, improve the quality of my work, and ultimately make a positive impact on the community.\n\n#\n\nDrop me a message on LinkedIn if you have any doubts or need any help -\n\n\u003cp align=\"left\"\u003e\n      \u003ca href=\"https://www.linkedin.com/in/harendra-shakya\" target=\"_blank\" rel=\"noreferrer\"\u003e\n        \u003cimg\n            src=\"https://raw.githubusercontent.com/danielcranney/readme-generator/main/public/icons/socials/linkedin.svg\"\n            width=\"32\"\n            height=\"32\"\n        /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://www.twitter.com/harendrashakya_\" target=\"_blank\" rel=\"noreferrer\"\u003e\n        \u003cimg\n            src=\"https://raw.githubusercontent.com/danielcranney/readme-generator/main/public/icons/socials/twitter.svg\"\n            width=\"32\"\n            height=\"32\"\n        /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://discord.gg/ZprHP39DdP\" target=\"_blank\" rel=\"noreferrer\"\u003e\n        \u003cimg\n            src=\"https://raw.githubusercontent.com/danielcranney/readme-generator/main/public/icons/socials/discord.svg\"\n            width=\"32\"\n            height=\"32\"\n        /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://www.github.com/harendra-shakya\" target=\"_blank\" rel=\"noreferrer\"\u003e\n        \u003cimg\n            src=\"https://raw.githubusercontent.com/danielcranney/readme-generator/main/public/icons/socials/github-dark.svg\"\n            width=\"32\"\n            height=\"32\"\n        /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n[Linktree](https://linktr.ee/harendra_shakya)\n\nThank you! 
Stay safe!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharendra-shakya%2Fsmart-contract-attack-vectors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharendra-shakya%2Fsmart-contract-attack-vectors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharendra-shakya%2Fsmart-contract-attack-vectors/lists"}