Solidity Security Articles
-
Common Vulnerabilities in Solidity: Delegatecall
May 10, 2023The delegatecall in Solidity is a method of calling a contract that allows a contract to call a function of another contract while the execution environment is the caller's runtime environment. This invocation method can improve the flexibility and reusability of code in some cases, but there are also security risks. This article will delve into how delegatecall vulnerabilities work, examples, and how to avoid such vulnerabilities.
-
Common Vulnerabilities in Solidity: Randomness
May 05, 2023Smart contracts are one of the cores of blockchain technology, allowing for automated transactions and execution without the need to trust third parties. However, smart contracts also have some vulnerabilities, and one of the common ones is the randomness vulnerability. In a smart contract, randomness generation is necessary, but if the randomness can be predicted or controlled, then an attacker can exploit this vulnerability to perform malicious operations. This article will introduce the principle, impact, and possible solutions to the randomness vulnerability in smart contracts.
-
Common Vulnerabilities in Solidity: Reentrancy Vulnerability
Apr 17, 2023Smart contracts are an important component of blockchain technology, used to automate and execute various transactions and operations. However, vulnerabilities and security issues in smart contracts have become a pervasive problem, with one of the most common being the reentrancy vulnerability. In this article, we will delve into the principles, impact, and resolutions of the reentrancy vulnerability.
-
Common Vulnerabilities in Solidity: Phishing with tx.origin
Apr 12, 2023With the continuous development of blockchain technology, smart contracts have become an indispensable part of blockchain applications. However, because the development and deployment of smart contracts are public, attackers have the opportunity to exploit vulnerabilities for various phishing attacks. One common attack method is phishing based on tx.origin. Although tx.origin is an important global variable (transaction properties) in Ethereum, its use may pose security risks and give attackers an opportunity to take advantage. This article will delve into the principle, cases, and defense measures of phishing attacks based on tx.origin.
-
Common Vulnerabilities in Solidity: Denial of Service (DOS)
Mar 30, 2023Solidity is a blockchain-based programming language for smart contracts, and is one of the preferred languages for writing smart contracts on Ethereum. While Solidity-written smart contracts offer many benefits in automating and decentralizing transactions, they may also have security issues when handling transactions.
-
Common Vulnerabilities in Solidity: Selfdestruct Function
Mar 25, 2023In the field of blockchain, smart contracts are considered as a revolutionary technology that enables the automatic execution of various complex transactions and operations on decentralized networks. However, with the widespread adoption of smart contracts, security issues have become increasingly prominent. The design and implementation of smart contracts often involve many potential security risks, one of which is the selfdestruct function vulnerability.
-
Common Vulnerabilities In Solidity: Arithmetic Overflow And Underflow
Mar 22, 2023Due to the frequent occurrence of incidents targeting smart contracts, more and more criminals are stealing other people's digital assets through vulnerabilities in contracts. Therefore, we will introduce you to some common vulnerabilities in smart contracts , so that everyone can better understand the security and threats of Solidity smart contracts. This article will introduce a classic vulnerability in smart contracts —— arithmetic overflow.