Data

Tools

Indexes

Applications

Experiments

Open Source Science

https://github.com/crytic/not-so-smart-contracts

Examples of Solidity security issues

https://github.com/crytic/not-so-smart-contracts

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (9.9%) to scientific vocabulary

Keywords

ethereum solidity vulnerabilities

Keywords from Contributors

academic-papers conference-presentations security-reviews static-analysis vulnerability-detection symbolic-execution vyper binary-analysis emulation program-analysis
Last synced: 5 months ago · JSON representation

Repository

Examples of Solidity security issues

Basic Info
  • Host: GitHub
  • Owner: crytic
  • License: apache-2.0
  • Language: Solidity
  • Default Branch: master
  • Homepage:
  • Size: 462 KB
Statistics
  • Stars: 2,220
  • Watchers: 79
  • Forks: 361
  • Open Issues: 10
  • Releases: 0
Archived
Topics
ethereum solidity vulnerabilities
Created over 8 years ago · Last pushed almost 3 years ago
Metadata Files
Readme License

README.md

No-so-smart-contracts is now in building-secure-contracts (see https://secure-contracts.com/)

(Not So) Smart Contracts

This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts. Use Not So Smart Contracts to learn about EVM and Solidity vulnerabilities, as a reference when performing security reviews, and as a benchmark for security and analysis tools.

Features

Each Not So Smart Contract includes a standard set of information:

  • Description of the unique vulnerability type
  • Attack scenarios to exploit the vulnerability
  • Recommendations to eliminate or mitigate the vulnerability
  • Real-world contracts that exhibit the flaw
  • References to third-party resources with more information

Bonus! We have also included a repository and analysis of several honeypots.

Vulnerabilities

| Not So Smart Contract | Description | | --- | --- | | Bad randomness | Contract attempts to get on-chain randomness, which can be manipulated by users | | Denial of Service | Attacker stalls contract execution by failing in strategic way | | Forced Ether Reception | Contracts can be forced to receive Ether | | Incorrect Interface | Implementation uses different function signatures than interface | | Integer Overflow | Arithmetic in Solidity (or EVM) is not safe by default | | Race Condition | Transactions can be frontrun on the blockchain | | Reentrancy | Calling external contracts gives them control over execution | | Unchecked External Call | Some Solidity operations silently fail | | Unprotected Function | Failure to use function modifier allows attacker to manipulate contract | | Variable Shadowing | Local variable name is identical to one in outer scope | | Wrong Constructor Name | Anyone can become owner of contract due to missing constructor |

Credits

These examples are developed and maintained by Trail of Bits. Contributions are encouraged and are covered under our bounty program.

If you have questions, problems, or just want to learn more, then join the #ethereum channel on the Empire Hacking Slack or contact us directly.

Owner

  • Name: Crytic
  • Login: crytic
  • Kind: organization
  • Email: opensource@trailofbits.com
  • Location: New York, NY

Blockchain Security, by @trailofbits

GitHub Events

Total
  • Watch event: 74
  • Fork event: 25
Last Year
  • Watch event: 74
  • Fork event: 25

Committers

Last synced: over 1 year ago

All Time
  • Total Commits: 62
  • Total Committers: 16
  • Avg Commits per committer: 3.875
  • Development Distribution Score (DDS): 0.694
Past Year
  • Commits: 0
  • Committers: 0
  • Avg Commits per committer: 0.0
  • Development Distribution Score (DDS): 0.0
Top Committers
Name Email Commits
Ben Perez b****7@g****m 19
Dan Guido d****n@t****m 7
Michael Colburn m****n@t****m 7
Josselin j****n@t****m 7
rocky r****y 4
Mark Mossberg m****g@g****m 3
Mark Mossberg m****k@t****m 3
ggrieco-tob 3****b 3
Evan Sultanik e****k@t****m 2
Chris Evans c****3@g****m 1
Evan Sultanik e****n@s****m 1
Nat Chin n****n@t****m 1
Stefan Edwards s****c@g****m 1
computerality j****y@c****m 1
ggrieco-tob g****o@t****m 1
Taylor Monahan 7****o 1
Committer Domains (Top 20 + Academic)
trailofbits.com: 7 computerality.com: 1 sultanik.com: 1

Issues and Pull Requests

Last synced: over 1 year ago

All Time
  • Total issues: 20
  • Total pull requests: 25
  • Average time to close issues: 6 months
  • Average time to close pull requests: 8 months
  • Total issue authors: 9
  • Total pull request authors: 16
  • Average comments per issue: 1.65
  • Average comments per pull request: 1.48
  • Merged pull requests: 15
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
  • ESultanik (9)
  • rocky (3)
  • muellerberndt (2)
  • blperez01 (1)
  • dguido (1)
  • ghost (1)
  • matmilbury (1)
  • adamskrodzki (1)
  • montyly (1)
Pull Request Authors
  • rocky (3)
  • ggrieco-tob (3)
  • blperez01 (3)
  • mgcolburn (3)
  • adamskrodzki (2)
  • ksloven (2)
  • y0wl (1)
  • perks (1)
  • jonathanknudsen (1)
  • lojikil (1)
  • 0xicingdeath (1)
  • 0xalpharush (1)
  • montyly (1)
  • 0xfps (1)
  • Haruxe (1)
Top Labels
Issue Labels
good first issue (1)
Pull Request Labels