Vulnerability classification

  1. Incorrect Calculation / arithmetic issues (integer bugs)

    1. Arithmetic bugs

      1) Integer overflow and underflow; division by zero or modulo by zero
      2) Truncation bugs: multiplying after dividing (or an otherwise imprecise order of arithmetic operations) silently discards the remainder
      3) Signedness bugs: casting between signed and unsigned types turns a negative int into a huge uint

      Tools that currently specialise in integer overflow bugs:

    1. The Osiris paper on integer bugs (Osiris: Hunting for Integer Bugs in Ethereum Smart Contracts)
    2. The ERC20 智能合约整数溢出系列漏洞披露 series (disclosures of integer-overflow vulnerabilities in ERC20 token contracts) describes an automated tool that efficiently finds high-severity integer overflows and detected many of the vulnerabilities reported there
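Added example, not from the original note: one Solidity 0.8 contract showing the three bug classes above side by side with their fixes. The `unchecked` block stands in for a pre-0.8 compiler (where wrapping was the default); balances, function names and the fee-share computation are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note). Balances and function names
// are constructed. Solidity >= 0.8 reverts on overflow unless the code sits
// in an `unchecked` block, which here models a pre-0.8 compiler.
contract ArithmeticBugs {
    mapping(address => uint256) public balances;

    constructor() { balances[msg.sender] = 100; }

    // Overflow: with two recipients and value = 2**255, to.length * value
    // wraps to 0, the balance check passes, and every recipient is credited
    // 2**255 tokens out of thin air (the batchTransfer-style ERC20 bug).
    function batchTransferUnchecked(address[] calldata to, uint256 value) external {
        unchecked {
            uint256 total = to.length * value;
            require(balances[msg.sender] >= total, "insufficient");
            balances[msg.sender] -= total;
            for (uint256 i = 0; i < to.length; i++) {
                balances[to[i]] += value;
            }
        }
    }

    // Fixed: checked arithmetic reverts on the wrap; the explicit guard shows
    // what pre-0.8 code had to do by hand (SafeMath-style).
    function batchTransfer(address[] calldata to, uint256 value) external {
        uint256 total = to.length * value;
        require(value == 0 || total / value == to.length, "overflow");
        require(balances[msg.sender] >= total, "insufficient");
        balances[msg.sender] -= total;
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += value;
        }
    }

    // Truncation / operation order: integer division drops the remainder, so
    // dividing before multiplying loses precision: 5 / 3 * 3 == 3.
    function shareDivideFirst(uint256 amount, uint256 num, uint256 den) public pure returns (uint256) {
        return amount / den * num;
    }

    // Multiply first, divide last: 5 * 3 / 3 == 5. Checked arithmetic reverts
    // instead of wrapping if the intermediate product overflows.
    function shareMultiplyFirst(uint256 amount, uint256 num, uint256 den) public pure returns (uint256) {
        return amount * num / den;
    }

    // Signedness: int256(-1) cast to uint256 is 2**256 - 1, so an "at most
    // max" check done after the cast passes for negative input.
    function castUnchecked(int256 x) public pure returns (uint256) {
        return uint256(x);
    }

    function castChecked(int256 x) public pure returns (uint256) {
        require(x >= 0, "negative");
        return uint256(x);
    }
}
```

Calling `batchTransferUnchecked([a, b], 2**255)` from the deployer succeeds and leaves `a` and `b` with 2**255 each while the sender still has 100; `batchTransfer` with the same input reverts with "overflow" (under 0.8 the multiplication itself already reverts).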
  2. Use of Incorrect Operator/Typographical Error

    The unary + operator is deprecated and, since Solidity 0.5.0, disallowed, so the typo `a =+ 1` (meant as `a += 1`) no longer compiles into a silent assignment of +1.

  3. Using Components with Known Vulnerabilities

    1. Outdated Compiler Version
    2. Compiler version not fixed / Floating Pragma
  4. Unchecked Return Value / handle errors in external calls

    Unchecked Call Return Value / unchecked low-level call: `send`, `call`, `delegatecall` and `staticcall` report failure by returning false rather than reverting, so ignoring the bool lets state updates go through while the call did nothing
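Added example, not from the original note, showing the silent failure and the check that fixes it. `Rejecter` is a constructed recipient whose `receive()` always reverts; the `Credits` contract and its function names are likewise constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); contract names constructed.
// A recipient whose receive() always reverts, so sending it Ether fails.
contract Rejecter {
    receive() external payable { revert("no ether here"); }
}

contract Credits {
    mapping(address => uint256) public credits;

    function deposit() external payable { credits[msg.sender] += msg.value; }

    // Bug: `send` reports failure through its return value and never reverts.
    // If msg.sender is a Rejecter, the credit is wiped, no Ether moves, and
    // the transaction still succeeds.
    function withdrawUnchecked() external {
        uint256 amount = credits[msg.sender];
        credits[msg.sender] = 0;
        payable(msg.sender).send(amount); // bool dropped
    }

    // Fixed: inspect the bool and revert, so state and Ether stay consistent
    // (the revert restores the credit).
    function withdrawChecked() external {
        uint256 amount = credits[msg.sender];
        credits[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ether transfer failed");
    }

    // `transfer` reverts on failure by itself, but forwards only a 2300 gas
    // stipend, so recipients with a non-trivial receive() cannot be paid.
    function withdrawTransfer() external {
        uint256 amount = credits[msg.sender];
        credits[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }
}
```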

  5. CWE-284: Improper Access Control

    1. Unprotected Ether Withdrawal

      Unintentionally exposing initialization functions, e.g. a constructor-like `init` function that anyone can call. This can also be described as an initialization-function visibility problem; see SWC-105

    2. Unprotected SELFDESTRUCT instruction / functionality / suicide

    3. Function Default Visibility -- Improper Adherence to Coding Standards

    4. State Variable Default Visibility / implicit visibility level (visibility not stated explicitly)

    5. Owner privilege issues: avoid giving the owner excessive power
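Added example, not from the original note: a wallet whose `init` was meant to act as a constructor but is callable by anyone, with unprotected withdraw and selfdestruct, next to a hardened version with a one-shot initializer, owner checks, and deliberately narrow owner power. Contract and function names are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
//
// Vulnerable: `init` was meant to run once as a constructor but is a public
// function with no guard, so anyone can call it, become owner, and then
// drain (SWC-105) or destroy (SWC-106) the contract. withdrawAll and kill
// do not even check the owner.
contract WalletUnprotected {
    address public owner;

    function init() public {
        owner = msg.sender; // no "already initialized" check, no access check
    }

    receive() external payable {}

    function withdrawAll() public {
        payable(msg.sender).transfer(address(this).balance); // no owner check
    }

    function kill() public {
        selfdestruct(payable(msg.sender)); // no owner check
    }
}

// Hardened: one-time initializer, explicit owner check on every privileged
// action, and an owner that can only move funds, not destroy the contract
// or execute arbitrary calls.
contract WalletProtected {
    address public owner;
    bool private initialized;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function init() public {
        require(!initialized, "already initialized");
        initialized = true;
        owner = msg.sender;
    }

    receive() external payable {}

    function withdraw(uint256 amount) public onlyOwner {
        (bool ok, ) = owner.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```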

  6. Improper Adherence to Coding Standards

    1. Shadowing State Variables [^write]

    2. Function Default Visibility

    3. Freezing ether

      The contract can only receive Ether; sending is delegated to another contract via delegatecall. If that other contract is destroyed, the Ether is frozen forever

    4. Ether lost in transfer

      Ether sent to an empty address (address(0), or an address nobody holds a key for) can never be recovered

  7. Incorrect Inheritance Order[^control_flow] (with multiple inheritance the order in `is A, B` decides which overridden function wins)

  8. Use of Obsolete Function

    1. Use of Deprecated Solidity Functions
    2. Authorization through tx.origin[^authorization] (tx.origin is the externally owned account that started the transaction, so a phishing contract called by the victim passes the check)
  9. CWE-841: Improper Enforcement of Behavioral Workflow [^improper_enforcement_workflow]

    1. Reentrancy (a.k.a. recursive call attack)

      1. Reentrancy on a Single Function

      2. Cross-function Reentrancy

      3. Misused reentrancy mutex, when multiple contracts need to cooperate

        A lock that is set but never released (e.g. one contract holds the mutex while calling another that needs it) ends in deadlock

  10. CWE-670: Always-Incorrect Control Flow Implementation[^control_flow]

    1. Assert Violation: some control-flow path always trips an `assert`, which means either the code has a bug (an invariant really is broken) or `assert` was used where `require` belongs (validating inputs)
  11. Insufficient Control Flow Management [^control_flow]

    1. Insufficient Gas Griefing[^gas]

      The relayer supplies just enough gas for the outer call, so the sub-call fails while the outer transaction still succeeds

      1. Require gasleft() before the sub-call so the sub-call is guaranteed enough gas to complete
      2. Permit only trusted accounts to relay the transaction
    2. Meta-transaction relay [^gas]: the forwarder repeatedly supplies too little gas so the forwarded call fails, and thereby keeps collecting Ether (the relay reward) or simply denies service
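Added example, not from the original note: a stripped-down meta-transaction forwarder in the vulnerable and hardened form. Verification of the user's signature on the request is omitted so the gas handling stands out; contract and function names are constructed, and the 10000-gas margin is an assumed figure, not a standard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
contract Target {
    uint256 public processed;

    function execute(bytes calldata) external {
        processed += 1; // stands in for work that needs real gas
    }
}

// Vulnerable: the relayer picks the transaction's gas, and the forwarder
// records the request as executed even when the inner call ran out of gas.
// A malicious relayer supplies just enough for the outer frame; the user's
// request is burned (it can never be resubmitted) while the relayer still
// collects whatever reward the forwarder pays.
contract ForwarderVulnerable {
    mapping(bytes32 => bool) public executed;

    function relay(Target target, bytes calldata data) external {
        bytes32 id = keccak256(abi.encode(address(target), data));
        require(!executed[id], "already relayed");
        executed[id] = true;
        address(target).call(abi.encodeWithSelector(Target.execute.selector, data));
        // neither the gas available nor the success flag is checked
    }
}

// Hardened: (1) gasLimit is part of the request, (2) gasleft() is checked
// before the sub-call, (3) only trusted relayers may submit.
contract ForwarderSafe {
    mapping(bytes32 => bool) public executed;
    mapping(address => bool) public trustedRelayer;
    address public immutable owner;

    constructor() { owner = msg.sender; }

    function setRelayer(address relayer, bool allowed) external {
        require(msg.sender == owner, "not owner");
        trustedRelayer[relayer] = allowed;
    }

    function relay(Target target, bytes calldata data, uint256 gasLimit) external {
        require(trustedRelayer[msg.sender], "untrusted relayer");
        bytes32 id = keccak256(abi.encode(address(target), data, gasLimit));
        require(!executed[id], "already relayed");
        // EIP-150: a sub-call receives at most 63/64 of the remaining gas, so
        // the relayer must have supplied gasLimit * 64/63 plus a margin for
        // the bookkeeping after the call. Otherwise the whole transaction
        // reverts and the request stays unexecuted instead of being burned.
        require(gasleft() >= gasLimit * 64 / 63 + 10000, "insufficient gas");
        executed[id] = true;
        (bool ok, ) = address(target).call{gas: gasLimit}(
            abi.encodeWithSelector(Target.execute.selector, data)
        );
        require(ok, "inner call failed");
    }
}
```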

  12. Call to the unknown

    A mistyped or non-existent function signature matches nothing in the callee, so the call falls through to the callee's fallback function by default

  13. CWE-829: Inclusion of Functionality from Untrusted Control Sphere

    1. Delegatecall to Untrusted Callee
  14. Mishandled Exceptions / Improper Check or Handling of Exceptional Conditions / exception disorder

    1. DoS with Failed External Call
    2. Unrestricted delegatecall

    Reference: 以太坊 Solidity 合约 call 函数簇滥用导致的安全风险 (security risks from abuse of the `call` function family in Ethereum Solidity contracts)

  15. Call injection (user-controlled calldata handed to `call` lets the caller invoke any function with the contract as msg.sender)

  16. Improper Following of Specification by Caller

    1. Requirement Violation SWC-123
  17. Race Condition/Concurrent Execution using Shared Resource with Improper Synchronization

    Front-running: the most common case today involves the ERC20 `approve` function (changing an allowance from N to M lets a spender who front-runs the change spend N + M)

    1. Displacement (the attacker's transaction replaces the victim's)

    2. Insertion / Transaction Order Dependence (the attacker's transaction is inserted ahead of the victim's, e.g. to buy first and resell)

    3. Suppression / Block Stuffing attacks / Transaction Congestion Attack (the victim's transaction is kept out of blocks)

      The Anatomy of a Block Stuffing Attack
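Added example, not from the original note: a minimal token showing the `approve` race and the two usual mitigations (relative allowance changes, and a compare-and-set `approve`). Only the allowance logic is included; the token name and initial supply are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
contract AllowanceToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1000; }

    // Standard ERC20 approve: overwrites the allowance unconditionally.
    // Race: owner approved 100 earlier and now sends approve(spender, 50).
    // spender sees the pending tx in the mempool, front-runs it with
    // transferFrom(owner, spender, 100), and once the owner's tx lands
    // spends another 50: 150 moved although the owner never meant > 100.
    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        require(balanceOf[from] >= value, "balance");
        require(allowance[from][msg.sender] >= value, "allowance");
        allowance[from][msg.sender] -= value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
        return true;
    }

    // Mitigation 1: relative changes. Reordering cannot double-spend because
    // each call adjusts by a delta instead of setting an absolute value.
    function increaseAllowance(address spender, uint256 added) external returns (bool) {
        allowance[msg.sender][spender] += added;
        return true;
    }

    function decreaseAllowance(address spender, uint256 subtracted) external returns (bool) {
        uint256 current = allowance[msg.sender][spender];
        require(current >= subtracted, "below zero");
        allowance[msg.sender][spender] = current - subtracted;
        return true;
    }

    // Mitigation 2: compare-and-set. Fails if the spender already changed the
    // allowance (by spending from it) before this transaction was mined.
    function approve(address spender, uint256 expected, uint256 value) external returns (bool) {
        require(allowance[msg.sender][spender] == expected, "allowance changed");
        allowance[msg.sender][spender] = value;
        return true;
    }
}
```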

  18. Weak Sources of Randomness from Chain Attributes / Use of Insufficiently Random Values / entropy illusion

    block.timestamp, blockhash, block.difficulty (block.prevrandao after the Merge) and block.number are all unsafe: the block producer influences them and every contract executing in the same block sees the same values 1. Block values as a proxy for time / timestamp dependence 2. Block number dependency
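Added example, not from the original note: a lottery that derives its outcome from block attributes, and a second contract that computes the identical value in the same block and only plays when it already knows it wins. Game rules, stake and the winning number are constructed; `block.prevrandao` (Solidity 0.8.18+) is used where older code used `block.difficulty`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); rules constructed.
contract Lottery {
    // "Random" outcome from block attributes. Every input is public before
    // the transaction runs, partly chosen by the block proposer, and the
    // same for every call within one block.
    function roll() public view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(
            block.timestamp, block.prevrandao, blockhash(block.number - 1)
        ))) % 10;
    }

    function play() external payable returns (bool won) {
        require(msg.value == 0.01 ether, "stake");
        won = roll() == 7;
        if (won) {
            (bool ok, ) = msg.sender.call{value: address(this).balance}("");
            require(ok, "payout failed");
        }
    }

    receive() external payable {}
}

// Entropy illusion: a contract calling in the same block gets the very same
// number, so it plays only on winning blocks and reverts otherwise (which
// refunds its stake). Repeating this every block drains the pot risk-free.
contract Predictor {
    Lottery public lottery;

    constructor(Lottery l) { lottery = l; }

    function playIfWinning() external payable {
        if (lottery.roll() == 7) {
            lottery.play{value: msg.value}();
        } else {
            revert("not this block");
        }
    }

    receive() external payable {}
}
```

The fix is not a better mix of block fields; it is entropy the proposer cannot see or bias at execution time, such as a commit-reveal scheme or an oracle-delivered random value.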

  19. Improper Verification of Cryptographic Signature/Signature Replay Attacks[^authorization]

    1. Signature Malleability -- SWC-117

      ECDSA signatures are malleable (a valid (r, s, v) can be rewritten into a second valid signature with s' = n - s) and ecrecover accepts both. A signature should therefore never be included in the signed message hash or used as the key for checking whether a message has already been processed by the contract

    2. Missing Protection against Signature Replay Attacks -- SWC-121

      Add protection against replay attacks, for example: 1. store the hash of every processed message (or use a per-signer nonce), 2. include the address of the contract that processes the message (and the chain id) in the signed data, 3. apply SWC-117, i.e. reject high-s signatures so the replay key cannot be reshaped

    3. Lack of Proper Signature Verification -- SWC-122

      Contracts that accept messages signed off-chain must recover and check the signer rather than trusting msg.sender or a signer address passed in as a parameter. This matters especially where proxies relay transactions, because msg.sender is then the relayer, not the signer
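Added example, not from the original note, combining the three fixes (SWC-117 low-s check, SWC-121 nonce plus contract address and chain id in the digest, SWC-122 recovering the signer instead of trusting the submitter) in one relayable withdrawal. The message layout and the personal-sign prefix are assumptions of this example; the half-order constant is secp256k1's n/2.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); message format constructed.
contract SignedWithdrawals {
    mapping(address => uint256) public balances;
    mapping(address => uint256) public nonces; // per-signer replay protection

    // secp256k1 n/2. Any s above it is the "other half" of a malleable
    // signature and is rejected (SWC-117).
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // The digest binds this contract's address and chain id (no replay on
    // other deployments or forks), the signer's nonce (no replay here) and
    // the payload. The signature itself is never part of the replay key.
    function digest(address signer, address to, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 inner = keccak256(abi.encode(
            address(this), block.chainid, signer, to, amount, nonce
        ));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s)
        public pure returns (address)
    {
        require(uint256(s) <= HALF_N, "malleable s");
        require(v == 27 || v == 28, "bad v");
        address signer = ecrecover(hash, v, r, s);
        require(signer != address(0), "invalid signature"); // ecrecover never reverts
        return signer;
    }

    // Anyone (a relayer/proxy) may submit, so the signer comes from the
    // signature, not from msg.sender (SWC-122).
    function withdrawFor(address signer, address to, uint256 amount,
                         uint8 v, bytes32 r, bytes32 s) external
    {
        uint256 nonce = nonces[signer];
        require(recover(digest(signer, to, amount, nonce), v, r, s) == signer, "wrong signer");
        nonces[signer] = nonce + 1; // consume before the external call
        require(balances[signer] >= amount, "insufficient");
        balances[signer] -= amount;
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Resubmitting the same (signer, to, amount, v, r, s) fails because the nonce has advanced, flipping s to n - s fails the low-s check, and a copy of the contract on another chain produces a different digest.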

  20. Write-what-where Condition

    Write to Arbitrary Storage Location
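Added example, not from the original note, serving both item 13 (delegatecall to an untrusted callee) and this item: delegatecall executes the callee's code against the caller's storage, so an untrusted callee gets a write-what-where primitive over the caller's state. Contract names and the storage layout are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
// delegatecall runs the callee's code with the caller's storage, msg.sender
// and balance, so whatever slot the callee writes, it writes in the caller.
contract ProxyVulnerable {
    address public owner; // slot 0
    address public lib;   // slot 1

    constructor(address _lib) { owner = msg.sender; lib = _lib; }

    // Attacker-controlled target: the callee can be any contract.
    function forward(address target, bytes calldata data) external {
        (bool ok, ) = target.delegatecall(data);
        require(ok, "delegatecall failed");
    }
}

// "Library" whose first state variable shares slot 0 with `owner` above.
// ProxyVulnerable.forward(address(hijack), abi.encodeWithSelector(
//     Hijack.takeOver.selector)) rewrites the proxy's owner.
contract Hijack {
    address public whoever; // slot 0

    function takeOver() external {
        whoever = msg.sender;
    }

    // Layout need not even match: inline assembly writes any slot directly,
    // which is the arbitrary storage write of SWC-124 in its purest form.
    function writeSlot(uint256 slot, uint256 value) external {
        assembly { sstore(slot, value) }
    }
}

// Hardened: the delegatecall target is fixed at deployment and shares the
// proxy's storage layout; it must itself be trusted and free of selfdestruct.
contract ProxySafe {
    address public owner;            // slot 0
    address public immutable lib;    // immutables live in code, not storage

    constructor(address _lib) { owner = msg.sender; lib = _lib; }

    function forward(bytes calldata data) external {
        (bool ok, ) = lib.delegatecall(data);
        require(ok, "delegatecall failed");
    }
}
```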

  21. Use of Low-Level Functionality/Assembly instructions

    1. Arbitrary Jump with Function Type Variable
  22. User Interface (UI) Misrepresentation of Critical Information

    Right-To-Left-Override control character (U+202E): source is displayed in a different order than it is compiled, so reviewers read something other than what runs

  23. Irrelevant Code/Dead code

    1. Presence of unused variables
    2. Code With No Effects
  24. Improper Locking

    Unexpected Ether balance / forcibly sending Ether to a contract (via selfdestruct, or by funding the address before deployment) breaks any logic that assumes address(this).balance is only changed through the contract's own functions. In the worst case this leads to DoS conditions that render the contract unusable
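Added example, not from the original note: a stake game whose progress is gated on an exact `address(this).balance`, an attacker that forces one wei in with selfdestruct, and a hardened version that tracks deposits in its own state. Game rules and amounts are constructed. (After EIP-6780 `selfdestruct` no longer deletes the contract outside its creation transaction, but it still transfers the balance, so the attack still works.)

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); rules constructed.
// Vulnerable: both deposit() and claim() require address(this).balance to be
// an exact multiple of the stake. Forced Ether breaks that forever.
contract StakeGameVulnerable {
    uint256 public constant STAKE = 1 ether;
    uint256 public constant GOAL = 10 ether;
    address public winner;

    function deposit() external payable {
        require(msg.value == STAKE, "exact stake");
        require(address(this).balance <= GOAL, "full");
        if (address(this).balance == GOAL) winner = msg.sender;
    }

    function claim() external {
        require(msg.sender == winner && address(this).balance == GOAL, "not yet");
        winner = address(0);
        (bool ok, ) = msg.sender.call{value: GOAL}("");
        require(ok, "payout failed");
    }
}

// Attacker: forces 1 wei in without calling any function. After nine
// deposits the tenth now exceeds GOAL, and claim() can never see == GOAL.
contract Forcer {
    constructor() payable {}

    function force(address victim) external {
        selfdestruct(payable(victim));
    }
}

// Hardened: count only what arrives through deposit() and never compare
// against address(this).balance.
contract StakeGameSafe {
    uint256 public constant STAKE = 1 ether;
    uint256 public constant GOAL = 10 ether;
    uint256 public pot; // grows only through deposit()
    address public winner;

    function deposit() external payable {
        require(msg.value == STAKE, "exact stake");
        require(pot + STAKE <= GOAL, "full");
        pot += STAKE;
        if (pot == GOAL) winner = msg.sender;
    }

    function claim() external {
        require(msg.sender == winner && pot == GOAL, "not yet");
        winner = address(0);
        pot = 0;
        (bool ok, ) = msg.sender.call{value: GOAL}("");
        require(ok, "payout failed");
    }
}
```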

  25. Keeping secrets / Unencrypted Private Data On-Chain (`private` only hides a variable from other contracts; anyone can read the storage slot)

    Access to Critical Private Variable via Public Method

  26. Authentication Bypass by Capture-replay[^authorization]

    Hash Collisions With Multiple Variable Length Arguments: abi.encodePacked of several dynamic arguments omits lengths, so different argument splits produce the same hash
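Added example, not from the original note: two address lists hashed with `abi.encodePacked` collide when elements are shifted between the lists (every element is padded to 32 bytes and no length is encoded), while `abi.encode` keeps them distinct. The authorisation mapping and the addresses used are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
// abi.encodePacked pads array elements to 32 bytes but writes no lengths or
// separators, so (["a","b"],["c"]) and (["a"],["b","c"]) encode identically.
// A signed authorisation over one split can be replayed with the other
// (SWC-133), e.g. promoting a regular user to admin.
contract PackedHash {
    mapping(bytes32 => bool) public authorised;

    function authorise(bytes32 h) external { authorised[h] = true; }

    // Vulnerable digest
    function packedDigest(address[] memory admins, address[] memory regular)
        public pure returns (bytes32)
    {
        return keccak256(abi.encodePacked(admins, regular));
    }

    // Fixed: abi.encode includes offsets and lengths, so the split is encoded.
    function safeDigest(address[] memory admins, address[] memory regular)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(admins, regular));
    }

    // Demonstrates the collision: packedSame is true, safeSame is false.
    function collides() external pure returns (bool packedSame, bool safeSame) {
        address[] memory a1 = new address[](2);
        a1[0] = address(0x1111); a1[1] = address(0x2222);
        address[] memory a2 = new address[](1);
        a2[0] = address(0x3333);

        address[] memory b1 = new address[](1);
        b1[0] = address(0x1111);
        address[] memory b2 = new address[](2);
        b2[0] = address(0x2222); b2[1] = address(0x3333);

        packedSame = packedDigest(a1, a2) == packedDigest(b1, b2);
        safeSame = safeDigest(a1, a2) == safeDigest(b1, b2);
    }
}
```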

  27. Improper Initialization

    Message call with hardcoded gas amount[^gas]: `transfer`/`send` forward a fixed 2300 gas, and any hardcoded amount breaks when opcode gas costs change (as with EIP-1884)

  28. Gas

    1. Uncontrolled Resource Consumption

      DoS With Block Gas Limit

      1. Gas Limit DoS on a Contract via Unbounded Operations / loop over an array of unknown size

        Once the loop no longer fits in one block, the Ether handled by that function is locked

      2. Gas Limit DoS on the Network via Block Stuffing / Block Stuffing attacks / Transaction Congestion Attack

      Block stuffing does not only burn gas: with GasToken it could also be turned into money (the gas refunds that made GasToken profitable were removed by EIP-3529 in London)

    2. GasLess Send: `send`/`transfer` forward only a 2300 gas stipend, so a recipient whose fallback needs more than that fails

    Reference: Silent But Vulnerable: Ethereum Gas Security Concerns

  29. DoS

    1. DoS With Block Gas Limit

      1. DoS with Failed External Call / external calls without gas stipends
      2. Looping through externally manipulated mappings or arrays
    2. Owner operations (a contract that cannot progress without an owner action is denied service when the owner key is lost or the owner turns malicious)

    3. Progressing state based on external calls

      Reference: Chinese translation of Solidity Security: Comprehensive list of known attack vectors and common anti-patterns

    4. DoS with (Unexpected) revert

      A malicious recipient whose fallback reverts on refund blocks the whole payout
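Added example, not from the original note, serving item 28.1.1 (unbounded loop) and item 29.4 (unexpected revert): one `refundAll` loop that both grows without bound as anyone pushes entries and reverts entirely if a single recipient rejects Ether, next to the pull-payment pattern that bounds the cost per call and isolates the reverting recipient. Auction shape, names and the owner-only `markRefund` are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
// Two DoS routes in one function: (1) the loop over a user-extendable array
// eventually exceeds the block gas limit, locking the Ether; (2) one refund
// recipient that reverts makes the whole distribution revert for everyone.
contract AuctionVulnerable {
    address[] public bidders;
    mapping(address => uint256) public bids;

    function bid() external payable {
        bidders.push(msg.sender); // an attacker can push thousands of entries
        bids[msg.sender] += msg.value;
    }

    function refundAll() external {
        for (uint256 i = 0; i < bidders.length; i++) {
            address b = bidders[i];
            uint256 amount = bids[b];
            bids[b] = 0;
            (bool ok, ) = b.call{value: amount}("");
            require(ok, "refund failed"); // one reverting receive() blocks all
        }
    }
}

contract Griefer {
    receive() external payable { revert("never accept"); }

    function enter(AuctionVulnerable a) external payable {
        a.bid{value: msg.value}();
    }
}

// Hardened: pull over push. Each bidder withdraws its own refund, so the
// cost is bounded per call and a reverting recipient only hurts itself.
contract AuctionSafe {
    address public immutable owner;
    mapping(address => uint256) public bids;
    mapping(address => uint256) public refunds;

    constructor() { owner = msg.sender; }

    function bid() external payable {
        bids[msg.sender] += msg.value;
    }

    // Auction logic marks refunds one bidder at a time; no loop over all bids.
    function markRefund(address bidder) external {
        require(msg.sender == owner, "not owner");
        uint256 amount = bids[bidder];
        bids[bidder] = 0;
        refunds[bidder] += amount;
    }

    function withdrawRefund() external {
        uint256 amount = refunds[msg.sender];
        require(amount > 0, "nothing to withdraw");
        refunds[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```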

  30. Signature collisions: two different functions may share the same 4-byte selector (the first four bytes of keccak256 of the signature), so calldata meant for one can dispatch to the other

  31. Fake deposit problem (假充值). Work dedicated to it: 1. EVulHunter: Detecting Fake Transfer Vulnerabilities for EOSIO's Smart Contracts at WebAssembly level 2. the Knownsec 404 (知道创宇 404) and SlowMist (慢雾) teams
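Added example, not from the original note: the ERC20 form of the fake deposit problem, rather than the EOSIO one EVulHunter targets. A token whose `transferFrom` returns false instead of reverting lets a user with no balance be credited by an exchange that only checks that the call did not revert; the hardened exchange requires the bool and credits only the balance difference it actually observes. Token, exchange and function names are constructed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not from the original note); names constructed.
interface IERC20 {
    function balanceOf(address owner) external view returns (uint256);
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// Token whose transfers return false instead of reverting on insufficient
// balance or allowance (a pattern found in some real ERC20 implementations).
contract SoftFailToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 value) external { balanceOf[to] += value; }

    function approve(address spender, uint256 value) external {
        allowance[msg.sender][spender] = value;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        if (balanceOf[from] < value || allowance[from][msg.sender] < value) {
            return false; // no revert
        }
        allowance[from][msg.sender] -= value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
        return true;
    }
}

// Vulnerable exchange: credits the deposit as long as the call did not
// revert. With SoftFailToken, a user holding zero tokens gets credited.
contract ExchangeVulnerable {
    mapping(address => mapping(address => uint256)) public credited;

    function deposit(IERC20 token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // bool ignored
        credited[msg.sender][address(token)] += amount;
    }
}

// Hardened: require the bool and credit only what actually arrived, which
// also handles fee-on-transfer tokens.
contract ExchangeSafe {
    mapping(address => mapping(address => uint256)) public credited;

    function deposit(IERC20 token, uint256 amount) external {
        uint256 balBefore = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer returned false");
        uint256 received = token.balanceOf(address(this)) - balBefore;
        require(received == amount, "amount mismatch");
        credited[msg.sender][address(token)] += received;
    }
}
```

Off-chain, the same mistake is made by deposit monitors that credit an account whenever the transaction status is success, without decoding the `Transfer` event or the return value.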

Resolved by compiler updates

  1. Uninitialized Storage Pointer: resolved in compiler version 0.5.0 and higher (uninitialized storage variables are now a compile error)

  2. Incorrect Constructor Name -- SWC-118: Solidity version 0.4.22 introduced the `constructor` keyword, so a constructor can no longer be mistaken for an ordinary function through a typo in the contract name

References

  1. SWC Registry
  2. Classification of smart contract vulnerabilities
  3. Known Attacks
  4. Silent But Vulnerable: Ethereum Gas Security Concerns
  5. Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
  6. ethereum wiki
  7. 智能合约的常见漏洞 (common smart contract vulnerabilities)
  8. 以太坊智能合约安全入门了解一下(上) (an introduction to Ethereum smart contract security, part 1)
  9. 区块链智能合约安全审计白皮书(2018 年)解读 (commentary on the 2018 blockchain smart contract security audit white paper)
  10. 以太坊 Solidity 合约 call 函数簇滥用导致的安全风险 (security risks from abuse of the `call` function family in Ethereum Solidity contracts)

Summary of thoughts

以太坊 Solidity 合约 call 函数簇滥用导致的安全风险 (security risks from abuse of the `call` function family in Ethereum Solidity contracts): the `call` family of vulnerabilities