Vulnerabilities

• Improper Adherence to Coding Standards

  • Function Default Visibility
  • State Variable Default Visibility

• Incorrect Calculation

  • Integer Overflow and Underflow

• Using Components with Known Vulnerabilities

  • Outdated Compiler Version

• Improper Control of a Resource Through its Lifetime

  • Floating Pragma

• Unchecked Return Value

  • Unchecked Call Return Value

• Improper Access Control

  • Unprotected Ether Withdrawal
  • Unprotected SELFDESTRUCT Instruction

• Improper Enforcement of Behavioral Workflow

  • Reentrancy

• Access of Uninitialized Pointer

  • Uninitialized Storage Pointer

• Always-Incorrect Control Flow Implementation

  • Assert Violation

• Use of Obsolete Function

  • Use of Deprecated Solidity Functions
  • Authorization through tx.origin

• Inclusion of Functionality from Untrusted Control Sphere

  • Delegatecall to Untrusted Callee
  • Block values as a proxy for time

• Improper Check or Handling of Exceptional Conditions

  • DoS with Failed Call

• Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  • Transaction Order Dependence

• Improper Verification of Cryptographic Signature

  • Signature Malleability
  • Missing Protection against Signature Replay Attacks

• Improper Initialization

  • Incorrect Constructor Name

• Improper Adherence to Coding Standards

  • Shadowing State Variables

• Use of Insufficiently Random Values

  • Weak Sources of Randomness from Chain Attributes

• Insufficient Verification of Data Authenticity

  • Lack of Proper Signature Verification

• Improper Following of Specification by Caller

  • Requirement Violation

• Write-what-where Condition

  • Write to Arbitrary Storage Location

• Incorrect Behavior Order

  • Incorrect Inheritance Order

• Insufficient Control Flow Management

  • Insufficient Gas Griefing

• Use of Low-Level Functionality

  • Arbitrary Jump with Function Type Variable

• Uncontrolled Resource Consumption

  • DoS With Block Gas Limit

• Use of Incorrect Operator

  • Typographical Error

• User Interface (UI) Misrepresentation of Critical Information

  • Right-To-Left-Override control character (U+202E)

• Irrelevant Code

  • Presence of unused variables
  • Code With No Effects

• Improper Locking

  • Unexpected Ether balance

• Authentication Bypass by Capture-replay

  • Hash Collisions With Multiple Variable Length Arguments

• Improper Initialization

  • Message call with hardcoded gas amount

• Access to Critical Private Variable via Public Method

  • Unencrypted Private Data On-Chain

DefiVulnLabs

1nf0s3cpt has created a repo for vulnerbaility testing using Foundry.

You can access them here:

• https://github.com/SunWeb3Sec/DeFiVulnLabs

References

• OpenZeppelin - Proxy Upgrade Pattern
• Beware of the proxy: learn how to exploit function clashing
• Malicious backdoors in Ethereum Proxies
• Contract upgrade anti-patterns
• External Calls
• anyone can kill your contract
• Reentrancy
• ERC20 API: An Attack Vector on the Approve/TransferFrom Methods
• A survey of attacks on Ethereum smart contracts
• 246 Findings From our Smart Contract Audits: An Executive Summary