crytic / Not So Smart Contracts

Licence: apache-2.0
Examples of Solidity security issues

(Not So) Smart Contracts

This repository contains examples of common Ethereum smart contract vulnerabilities, including code from real smart contracts. Use Not So Smart Contracts to learn about EVM and Solidity vulnerabilities, as a reference when performing security reviews, and as a benchmark for security and analysis tools.

Features

Each Not So Smart Contract includes a standard set of information:

  • Description of the unique vulnerability type
  • Attack scenarios to exploit the vulnerability
  • Recommendations to eliminate or mitigate the vulnerability
  • Real-world contracts that exhibit the flaw
  • References to third-party resources with more information

Bonus! We have also included a repository and analysis of several honeypots.

Vulnerabilities

Not So Smart Contract     Description
Bad randomness            Contract attempts to get on-chain randomness, which can be manipulated by users
Denial of Service         Attacker stalls contract execution by failing in a strategic way
Forced Ether Reception    Contracts can be forced to receive Ether
Incorrect Interface       Implementation uses different function signatures than the interface
Integer Overflow          Arithmetic in Solidity (or the EVM) is not safe by default
Race Condition            Transactions can be front-run on the blockchain
Reentrancy                Calling external contracts gives them control over execution
Unchecked External Call   Some Solidity operations silently fail
Unprotected Function      Failure to use a function modifier allows an attacker to manipulate the contract
Variable Shadowing        Local variable name is identical to one in an outer scope
Wrong Constructor Name    Anyone can become owner of the contract due to a missing constructor

Credits

These examples are developed and maintained by Trail of Bits. Contributions are encouraged and are covered under our bounty program.

If you have questions, problems, or just want to learn more, then join the #ethereum channel on the Empire Hacking Slack or contact us directly.