{"id":18322809,"url":"https://github.com/safful/solidity-smart-contract-attack-vectors","last_synced_at":"2025-09-16T04:08:59.178Z","repository":{"id":188165422,"uuid":"678218969","full_name":"safful/Solidity-Smart-Contract-Attack-Vectors","owner":"safful","description":"List of Common Solidity SmartContract Attack Vectors.","archived":false,"fork":false,"pushed_at":"2023-08-14T03:33:29.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-15T08:42:29.249Z","etag":null,"topics":["dapp","defi","nft","smartcontracts","solidity","solidity-codes","solidity-contracts"],"latest_commit_sha":null,"homepage":"https://safful.com/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/safful.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-14T03:30:32.000Z","updated_at":"2023-08-14T03:33:11.000Z","dependencies_parsed_at":"2023-08-14T04:39:06.091Z","dependency_job_id":null,"html_url":"https://github.com/safful/Solidity-Smart-Contract-Attack-Vectors","commit_stats":null,"previous_names":["safful/solidity-smart-contract-attack-vectors"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safful%2FSolidity-Smart-Contract-Attack-Vectors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safful%2FSolidity-Smart-Contract-Attack-Vectors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safful%2FSolidity-Smart-Contract-Attack-Vectors/releases","manifests_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/repositories/safful%2FSolidity-Smart-Contract-Attack-Vectors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/safful","download_url":"https://codeload.github.com/safful/Solidity-Smart-Contract-Attack-Vectors/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248055270,"owners_count":21040151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dapp","defi","nft","smartcontracts","solidity","solidity-codes","solidity-contracts"],"created_at":"2024-11-05T18:26:03.421Z","updated_at":"2025-09-16T04:08:54.155Z","avatar_url":"https://github.com/safful.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Solidity Smart Contract Attack Vectors\n\nThis repository contains a list of Solidity attack vectors. It includes most Solidity vulnerabilities collected from various sources such as the SWC Registry, DeFi threat, DASP Top-10 and content from across the Internet. You can click each attack vector to find details about it.\n\n#### If you find any attack vectors missing, you can create a pull request and become a contributor to the project.\n\n| Serial No. 
| Attack Vectors                                                        |\n| ---------- | --------------------------------------------------------------------- |\n| **1**      | [Access Control Checks on Critical Function](data/1.md)               |\n| **2**      | [Account Existence Check for low level calls](data/2.md)              |\n| **3**      | [Arithmetic Over/Under Flows](data/3.md)                              |\n| **4**      | [Assert Violation](data/4.md)                                         |\n| **5**      | [Authorization through tx.origin](data/5.md)                          |\n| **6**      | [Bad Source of Randomness](data/6.md)                                 |\n| **7**      | [Block Timestamp manipulation](data/7.md)                             |\n| **8**      | [Bypass Contract Size Check](data/8.md)                               |\n| **9**      | [Code With No Effects](data/9.md)                                     |\n| **10**     | [Delegatecall](data/10.md)                                            |\n| **11**     | [Delegatecall to Untrusted Callee](data/11.md)                        |\n| **12**     | [DoS with (Unexpected) revert](data/12.md)                            |\n| **13**     | [DoS with Block Gas Limit](data/13.md)                                |\n| **14**     | [Logical Issues](data/14.md)                                          |\n| **15**     | [Entropy Illusion](data/15.md)                                        |\n| **16**     | [Function Selector Abuse](data/16.md)                                 |\n| **17**     | [Floating Point and Numerical Precision](data/17.md)                  |\n| **18**     | [Floating Pragma](data/18.md)                                         |\n| **19**     | [Forcibly Sending Ether to a Contract](data/19.md)                    |\n| **20**     | [Function Default Visibility](data/20.md)                             |\n| **21**     | [Hash Collisions With Multiple Variable Length 
Arguments](data/21.md) |\n| **22**     | [Improper Array Deletion](data/22.md)                                 |\n| **23**     | [Incorrect interface](data/23.md)                                     |\n| **24**     | [Insufficient gas griefing](data/24.md)                               |\n| **25**     | [Unsafe Ownership Transfer](data/25.md)                               |\n| **26**     | [Loop through long arrays](data/26.md)                                |\n| **27**     | [Message call with hardcoded gas amount](data/27.md)                  |\n| **28**     | [Outdated Compiler Version](data/28.md)                               |\n| **29**     | [Precision Loss in Calculations](data/29.md)                          |\n| **30**     | [Price Manipulation](data/30.md)                                      |\n| **31**     | [Hiding Malicious Code with External Contract](data/31.md)            |\n| **32**     | [Public burn() function](data/32.md)                                  |\n| **33**     | [Race Conditions / Front Running](data/33.md)                         |\n| **34**     | [Re-entrancy](data/34.md)                                             |\n| **35**     | [Requirement Violation](data/35.md)                                   |\n| **36**     | [Right-To-Left-Override control character (U+202E)](data/36.md)       |\n| **37**     | [Shadowing State Variables](data/37.md)                               |\n| **38**     | [Short Address/Parameter Attack](data/38.md)                          |\n| **39**     | [Signature Malleability](data/39.md)                                  |\n| **40**     | [Signature Replay Attacks](data/40.md)                                |\n| **41**     | [State Variable Default Visibility](data/41.md)                       |\n| **42**     | [Transaction Order Dependence](data/42.md)                            |\n| **43**     | [Typographical Error](data/43.md)                                     |\n| **44**     | [Unchecked Call Return 
Value](data/44.md)                             |\n| **45**     | [Unencrypted Private Data On-Chain](data/45.md)                       |\n| **46**     | [Unexpected Ether balance](data/46.md)                                |\n| **47**     | [Uninitialized Storage Pointer](data/47.md)                           |\n| **48**     | [Unprotected Ether Withdrawal](data/48.md)                            |\n| **49**     | [Unprotected SELFDESTRUCT Instruction](data/49.md)                    |\n| **50**     | [Unprotected Upgrades](data/50.md)                                    |\n| **51**     | [Unused Variable](data/51.md)                                         |\n| **52**     | [Use of Deprecated Solidity Functions](data/52.md)                    |\n| **53**     | [Write to Arbitrary Storage Location](data/53.md)                     |\n| **54**     | [Wrong inheritance](data/54.md)                                       |\n\n---\n\n## References:\n\n[SWC Registry](https://swcregistry.io/)\n\n[DeFi-Threat](https://github.com/manifoldfinance/defi-threat)\n\n[Runtimeverification - List-of-Security-Vulnerabilities](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities)\n\n[DASP-Top 10](https://www.dasp.co/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsafful%2Fsolidity-smart-contract-attack-vectors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsafful%2Fsolidity-smart-contract-attack-vectors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsafful%2Fsolidity-smart-contract-attack-vectors/lists"}