List of attacks on smart contracts

Security is a major concern for smart contracts. This source lists many known attack vectors against Solidity smart contracts. It is valuable for developers and auditors alike.

The attacks are classified into the following categories:

  • Re-Entrancy
  • Arithmetic Overflow/Underflow
  • Unexpected Ether
  • Delegate Calls
  • Default Visibilities
  • Entropy
  • References to external contracts
  • Parameter Attacks
  • Unchecked Call Return Values
  • Race Conditions
  • Denial of Service
  • Block Timestamp Manipulation
  • Constructor
  • Floating Point and Numerical Precision
  • tx.origin Vulnerability

The vulnerabilities and possible attacks are demonstrated on an example smart contract.

The source also provides possible solutions for avoiding each particular vulnerability.