Hacks
yn00
QQ:253319066
展开
-
Bypass Contract Size Check
VulnerabilityIf an address is a contract then the size of code stored at the address will be greater than 0 right?Let's see how we can create a contract with code size returned byextcodesizeequal to 0.// SPDX-License-Identifier: MITpragma solidit..原创 2022-02-12 11:45:00 · 202 阅读 · 0 评论 -
Signature Replay
Signing messages off-chain and having a contract that requires that signature before executing a function is a useful technique.For example this technique is used to:reduce number of transaction on chain gas-less transaction, calledmeta transactionV.原创 2022-02-12 00:15:00 · 253 阅读 · 0 评论 -
Block Timestamp Manipulation
Vulnerabilityblock.timestampcan be manipulated by miners with the following constraintsit cannot be stamped with an earlier time than its parent it cannot be too far in the future// SPDX-License-Identifier: MITpragma solidity ^0.8.10;/*Roulette.原创 2022-02-11 20:15:00 · 412 阅读 · 0 评论 -
Front Running
VulnerabilityTransactions take some time before they are mined. An attacker can watch the transaction pool and send a transaction, have it included in a block before the original transaction. This mechanism can be abused to re-order transactions to the a原创 2022-02-11 10:15:00 · 259 阅读 · 0 评论 -
Honeypot
A honeypot is a trap to catch hackers.VulnerabilityCombining two exploits, reentrancy and hiding malicious code, we can build a contractthat will catch malicious users.// SPDX-License-Identifier: MITpragma solidity ^0.8.10;/*Bank is a contract原创 2022-02-11 16:45:00 · 173 阅读 · 0 评论 -
Phishing with tx.origin
What's the difference betweenmsg.senderandtx.origin?If contract A calls B, and B calls C, in Cmsg.senderis B andtx.originis A.VulnerabilityA malicious contract can deceive the owner of a contract into calling a function that only the owner sho...原创 2022-02-10 11:15:00 · 127 阅读 · 0 评论 -
Denial of Service
VulnerabilityThere are many ways to attack a smart contract to make it unusable.One exploit we introduce here is denial of service by making the function to send Ether fail.// SPDX-License-Identifier: MITpragma solidity ^0.8.10;/*The goal of Kin原创 2022-02-10 00:30:00 · 198 阅读 · 0 评论 -
Delegatecall
Vulnerabilitydelegatecallis tricky to use and wrong usage or incorrect understanding can lead to devastating results.You must keep 2 things in mind when usingdelegatecalldelegatecallpreserves context (storage, caller, etc...) storage layout must ...原创 2022-02-09 12:00:00 · 330 阅读 · 0 评论 -
Accessing Private Data
VulnerabilityAll data on a smart contract can be read.Let's see how we can readprivatedata. In the process you will learn how Solidity stores state variables.// SPDX-License-Identifier: MITpragma solidity ^0.8.10;/*Note: cannot use web3 on JVM..原创 2022-02-08 15:02:04 · 227 阅读 · 0 评论 -
Self Destruct
Contracts can be deleted from the blockchain by callingselfdestruct.selfdestructsends all remaining Ether stored in the contract to a designated address.VulnerabilityA malicious contract can useselfdestructto force sending Ether to any contract....原创 2022-02-09 10:00:00 · 366 阅读 · 1 评论 -
Arithmetic Overflow and Underflow
VulnerabilitySolidity < 0.8Integers in Solidity overflow / underflow without any errorsSolidity >= 0.8Default behaviour of Solidity 0.8 for overflow / underflow is to throw an error.// SPDX-License-Identifier: MITpragma solidity ^0.7.6;原创 2022-02-08 19:00:00 · 305 阅读 · 0 评论 -
Re-Entrancy
Hacks Re-Entrancy原创 2022-02-08 14:50:16 · 243 阅读 · 0 评论