Directions to consider

Call security

  1. Improper Check or Handling of Exceptional Conditions

    Also known as: Exceptions in external calls/Mishandled Exceptions

    1. Unchecked Return Value/Unchecked low-level call

    2. Exception disorder

      Mainly improper exception handling in nested call chains

    3. DoS with Failed External Call/External calls without gas stipends

  2. Reentrancy(a.k.a. recursive call attack)

    1. Reentrancy on a Single Function

    2. Cross-function Reentrancy

    3. Improper use of a Reentrancy Mutex when you have multiple contracts that need to cooperate.

      Deadlock

  3. Freezing ether

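    1. The contract only has functions that receive ether and no function that transfers it out
    2. Transfers are delegated to another contract via delegatecall; if that other contract dies, this problem occurs
  4. Delegatecall to Untrusted Callee/DelegateCallWithUserInput/Controlled Delegatecall

    The following vulnerabilities are related to call, but not all of them are faults of call itself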

  5. Insufficient Gas Griefing

    1. Require Gasleft to ensure the subcall completes

      Review

  6. Call to the unknown

    The code is written incorrectly, no function signature matches, and the fallback function is called by default

  7. Call injection

  8. Improper Following of Specification by Caller

    Requirement Violation SWC-123

DOS focus

  1. Insufficient Control Flow Management

    Meta transactions Relay: the relayer repeatedly supplies too little gas so that the call fails, thereby repeatedly collecting ether or causing a DoS

  2. DoS With Block Gas Limit

    1. Gas Limit DoS on a Contract via Unbounded Operations/Loop over an array of unknown size/Looping through externally manipulated mappings or arrays

      lock Ether

    2. Gas Limit DoS on the Network via Block Stuffing/Block Stuffing attacks/Transaction congestion Attack/Unclogged blockchain reliance

      Front-running Suppression/Block Stuffing attacks/Transaction Congestion Attack (congestion): The Anatomy of a Block Stuffing Attack

  3. Owner operations

  4. DoS with Failed External Call/External calls without gas stipends

  5. Progressing state based on external calls

  6. Unexpected Ether balance/Forcibly Sending Ether to a Contract

    In the worst case scenario this could lead to DOS conditions that might render the contract unusable.

  7. DoS with (Unexpected) revert

    Malicious fallback function on refund

  8. DoS with selfdestruct

Gas focus

  1. Insufficient Gas Griefing

    subcall fail

    Mitigations

    1. Require Gasleft to ensure the subcall completes
    2. Permit only trusted accounts to relay the transaction.
  2. Meta transactions Relay

  3. Improper Initialization

    Message call with hardcoded gas amount

  4. DoS With Block Gas Limit

    Uncontrolled Resource Consumption

    1. Gas Limit DoS on a Contract via Unbounded Operations/Loop over an array of unknown size

      lock Ether

    2. Gas Limit DoS on the Network via Block Stuffing/Block Stuffing attacks/Transaction congestion Attack

    It can be used not only to burn gas but also to turn a profit through GasToken

  5. GasLess Send/Failed Send

inclusion_from_untrusted_control_sphere

  1. Reentrancy(a.k.a. recursive call attack)

    1. Reentrancy on a Single Function

    2. Cross-function Reentrancy

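    3. Improper use of a Reentrancy Mutex when you have multiple contracts that need to cooperate.

      Deadlock

  2. Variable overwrite leading to writes to arbitrary storage addresses

    When the array offset can be controlled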

  3. DoS with (Unexpected) revert

    Malicious fallback function on refund

  4. Weak Sources of Randomness from Chain Attributes/Use of Insufficiently Random Values/Entropy Illusion

  5. Delegatecall to Untrusted Callee

  6. Insufficient Gas Griefing

    subcall fail
    
    1. Require Gasleft to ensure the subcall completes
    2. Permit only trusted accounts to relay the transaction.
  7. Meta transactions Relay

    The relayer repeatedly supplies too little gas so that the call fails, thereby repeatedly collecting ether or causing a DoS

Fallback Focus

  1. Reentrancy(a.k.a. recursive call attack)

    1. Reentrancy on a Single Function

    2. Cross-function Reentrancy

    3. Improper use of a Reentrancy Mutex when you have multiple contracts that need to cooperate.

      Deadlock

  2. Call to the unknown

    The code is written incorrectly, no function signature matches, and the fallback function is called by default

  3. DoS with (Unexpected) revert

    Malicious fallback function on refund

Storage access

  1. Uninitialized storage pointer (SWC-109, SP-14)

    Note: As of compiler version 0.5.0 and higher this issue has been systematically resolved, as contracts with uninitialised storage pointers no longer compile.

  2. Delegatecall and storage layout (SWC-112, SP-4)

  3. Overlap attack/Arbitrary Jump with Function Type Variable

  4. Variable overwrite leading to writes to arbitrary storage addresses

    When the array offset can be controlled

  5. Storage hash collisions

Flow focus

Internal control flow

  1. CWE-670: Always-Incorrect Control Flow Implementation
    1. Assert Violation // some control-flow path is always incorrect: either there is a bug, or Assert should not be used here
  2. Incorrect Inheritance Order
  3. Arbitrary jump with function type variable (SWC-127)
  4. Assembly return in constructor: this trick tampers with standard deployment process; as a result, actually deployed bytecode has little in common with the source code

improper_enforcement_workflow/Behavior workflow: checking the behavioral workflow/improper ordering of behavior

  1. CWE-841: Improper Enforcement of Behavioral Workflow

    1. Reentrancy(a.k.a. recursive call attack)

      1. Reentrancy on a Single Function

      2. Cross-function Reentrancy

      3. Improper use of a Reentrancy Mutex when you have multiple contracts that need to cooperate.

        Deadlock

  2. Insufficient Control Flow Management

    1. Insufficient Gas Griefing

      subcall fail

      1. Require Gasleft to ensure the subcall completes
      2. Permit only trusted accounts to relay the transaction.
    2. Meta transactions Relay

      The relayer repeatedly supplies too little gas so that the call fails, thereby repeatedly collecting ether or causing a DoS

  3. Race Condition/Concurrent Execution using Shared Resource with Improper Synchronization

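    Front-running: currently the most common case: The ERC20 token standard includes a function called 'approve', i.e. a race condition on the approve authorization function

    1. Displacement

    2. Insertion/Transaction Order Dependence/Unpredictable state: jumping the queue ahead of a transaction and reselling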

      • TODAmount
      • TODReceiver
      • TODTransfer
    3. Suppression/Block Stuffing attacks/Transaction Congestion Attack (congestion): The Anatomy of a Block Stuffing Attack

  4. Exception disorder

    Mainly improper exception handling in nested call chains

Delegated management: proxy replay

  1. Improper Verification of Cryptographic Signature/Signature Replay Attacks

    1. Signature Malleability -- SWC-117

      ecrecover: A signature should never be included in a signed message hash to check whether previous messages have been processed by the contract.

    2. Missing Protection against Signature Replay Attacks -- SWC-121

      Add protection against replay attacks, for example: 1. Store the hash of every message; 2. Include the address of the contract that processes the message; 3. SWC-117

    3. Lack of Proper Signature Verification -- SWC-122

      sign messages off-chain. This can lead to vulnerabilities especially in scenarios where proxies can be used to relay transactions.

  2. Authentication Bypass by Capture-replay

    Hash Collisions With Multiple Variable Length Arguments

  3. Insufficient Gas Griefing

    subcall fail
    
    1. Require Gasleft to ensure the subcall completes
    2. Permit only trusted accounts to relay the transaction.
  4. Meta transactions Relay

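    The relayer repeatedly supplies too little gas so that the call fails, thereby repeatedly collecting ether or causing a DoS

Authorization/Improper Access Control

  1. Unintentionally exposing initialization functions, such as the Constructor; this can also be described as an initialization-function visibility problem -- see SWC-105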

    Unprotected Ether Withdrawal/Functions that send ether to arbitrary destinations

  2. Unprotected SELFDESTRUCT Instruction/functionality / suicide

  3. Function Default Visibility -- Improper Adherence to Coding Standard

  4. State Variable Default Visibility/Implicit visibility level (visibility not explicitly specified)

  5. Use of Obsolete Function

    Authorization through tx.origin

  6. Keeping secrets/Unencrypted Private Data On-Chain

  7. Write to Arbitrary Storage Location

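  8. Variable overwrite leading to writes to arbitrary storage addresses

    When the array offset can be controlled

  9. Hash collisions

    Ethereum storage hash collisions as seen from a "coin theft" incident

Access control is a broad category; quite a few other items could also be filed under it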

Contract interaction

  1. Unchecked low-level call (SWC-104, DASP-4, SP-9)

  2. Reentrancy (SWC-107, DASP-1, SP-1)

  3. DoS with external call

  4. DoS with revert/DoS with Failed Call (SWC-113, SP-11)

  5. DoS with selfdestruct (DASP-5)

  6. Insufficient Gas Griefing

    subcall fail
    
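    1. Require Gasleft to ensure the subcall completes
    2. Permit only trusted accounts to relay the transaction.
  7. Meta transactions Relay: the relayer repeatedly supplies too little gas so that the call fails, thereby repeatedly collecting ether or causing a DoS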

Low-level focus

  1. Use of Low-Level Functionality/use assembly instructions

    1. Arbitrary Jump with Function Type Variable
  2. Unchecked low-level call return value

  3. Constant functions using assembly code

Entropy Illusion/Weak Sources of Randomness from Chain Attributes/Use of Insufficiently Random Values

  1. UnsafeDependenceOnBlock

    1. block.timestamp/Block values as a proxy for time/Timestamp dependence
    2. block.number/Block Number Dependency
    3. blockhash
    4. block.difficulty
  2. UnsafeDependenceOnGas

Block content manipulation

Miner assembles block and thus can influence its contents (included transactions, their order, other block parameters).

  1. Front-running / transaction reordering (SWC-114, DASP-7, SP-10)

  2. Timestamp manipulation (SWC-116, DASP-8, SP-12)

  3. Random with blockhash (SWC-120, DASP-6, SP-6)

  4. Transaction censorship

References

  • SWC Registry
  • Classification of smart contract vulnerabilities
  • Known Attacks
  • Silent But Vulnerable: Ethereum Gas Security Concerns
  • Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
  • ethereum wiki
  • Common vulnerabilities in smart contracts
  • An introduction to Ethereum smart contract security (Part 1)
  • A reading of the Blockchain Smart Contract Security Audit White Paper (2018)
  • Security risks caused by abuse of the call function family in Ethereum Solidity contracts