Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/crytic/not-so-smart-contracts
Examples of Solidity security issues
https://github.com/crytic/not-so-smart-contracts
ethereum solidity vulnerabilities
Last synced: 3 months ago
JSON representation
Examples of Solidity security issues
- Host: GitHub
- URL: https://github.com/crytic/not-so-smart-contracts
- Owner: crytic
- License: apache-2.0
- Archived: true
- Created: 2017-08-28T17:26:15.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-02-24T12:18:59.000Z (almost 2 years ago)
- Last Synced: 2024-08-03T15:04:40.249Z (4 months ago)
- Topics: ethereum, solidity, vulnerabilities
- Language: Solidity
- Homepage:
- Size: 462 KB
- Stars: 2,130
- Watchers: 83
- Forks: 335
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- blockchain-security-awesome - Examples of Solidity security issues
- awesome-solidity - crytic/not-so-smart-contracts - Examples of common vulnerabilities, including code from real smart contracts. (Resources)
- awesome-blockchain-security - Examples of Solidity security issues
- awesome-solidity - crytic/not-so-smart-contracts - Examples of common vulnerabilities, including code from real smart contracts. (Resources)
- Library-of-Ethereum - Not So Smart Contracts - This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts. (Smart Contracts / Solidity)
- awesome-solidity - crytic/not-so-smart-contracts - Examples of common vulnerabilities, including code from real smart contracts. (Resources)
- DeFi-Developer-Road-Map - Smart Contracts Threats DB - A compilation of the worst patterns. (Roadmap)
- stars - crytic/not-so-smart-contracts - Examples of Solidity security issues (Solidity)
- stars - crytic/not-so-smart-contracts - Examples of Solidity security issues (Solidity)
README
No-so-smart-contracts is now in [building-secure-contracts](https://github.com/crytic/building-secure-contracts) (see [https://secure-contracts.com/](https://secure-contracts.com/))
# (Not So) Smart Contracts
This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts. Use Not So Smart Contracts to learn about EVM and Solidity vulnerabilities, as a reference when performing security reviews, and as a benchmark for security and analysis tools.
## Features
Each _Not So Smart Contract_ includes a standard set of information:
* Description of the unique vulnerability type
* Attack scenarios to exploit the vulnerability
* Recommendations to eliminate or mitigate the vulnerability
* Real-world contracts that exhibit the flaw
* References to third-party resources with more informationBonus! We have also included a repository and analysis of several [honeypots](honeypots).
## Vulnerabilities
| Not So Smart Contract | Description |
| --- | --- |
| [Bad randomness](bad_randomness) | Contract attempts to get on-chain randomness, which can be manipulated by users |
| [Denial of Service](denial_of_service) | Attacker stalls contract execution by failing in strategic way |
| [Forced Ether Reception](forced_ether_reception) | Contracts can be forced to receive Ether |
| [Incorrect Interface](incorrect_interface) | Implementation uses different function signatures than interface |
| [Integer Overflow](integer_overflow) | Arithmetic in Solidity (or EVM) is not safe by default |
| [Race Condition](race_condition) | Transactions can be frontrun on the blockchain |
| [Reentrancy](reentrancy) | Calling external contracts gives them control over execution |
| [Unchecked External Call](unchecked_external_call) | Some Solidity operations silently fail |
| [Unprotected Function](unprotected_function) | Failure to use function modifier allows attacker to manipulate contract |
| [Variable Shadowing](variable%20shadowing/) | Local variable name is identical to one in outer scope |
| [Wrong Constructor Name](wrong_constructor_name) | Anyone can become owner of contract due to missing constructor |## Credits
These examples are developed and maintained by [Trail of Bits](https://www.trailofbits.com/). Contributions are encouraged and are covered under our [bounty program](https://github.com/trailofbits/not-so-smart-contracts/wiki#bounties).
If you have questions, problems, or just want to learn more, then join the #ethereum channel on the [Empire Hacking Slack](https://empireslacking.herokuapp.com/) or [contact us](https://www.trailofbits.com/contact/) directly.