
A Summary of

Securing smart contracts (series) - Part 1


This article looks at three well-known classes of smart-contract vulnerability and how to mitigate each.

  1. Overflows and underflows 
    1. In Solidity before 0.8, integer arithmetic wraps silently. If the code does not check that a sender who holds X tokens is not trying to spend X+1, the subtraction underflows instead of reverting and the attacker ends up with a balance close to 2^256 - 1, i.e. a maxed out balance 
    2. Mitigation: use OpenZeppelin’s SafeMath library, whose add/sub/mul revert on overflow, or compile with Solidity 0.8 or later, where checked arithmetic is the default and wrap-around only happens inside an explicit unchecked block 
  2. Visibility and delegatecall 
    1. Public and external functions can be called by anyone; access control has to be explicit (a require on msg.sender or an onlyOwner modifier), never assumed 
    2. delegatecall is like a message call except that the callee’s code runs in the caller’s context: the caller’s storage, msg.sender and msg.value. Any storage write made by the library lands in the calling contract’s storage 
    3. The ownership takeover works like this: a wallet’s fallback function forwards arbitrary calldata to a library via delegatecall, and the library exposes a public, unguarded initialization function that sets owner. An attacker calls the wallet with that function’s selector, the wallet delegates it, and the attacker’s address is written into the wallet’s own owner slot (the pattern behind the 2017 Parity multisig wallet compromise) 
    4. The bug needs both ingredients: an insecure visibility modifier on the initializer and a delegatecall that forwards attacker-controlled data. Remove either one: guard or drop the initializer, and never delegatecall arbitrary msg.data 
  3. Reentrancy 
    1. In the DAO hack the contract sent ether to the caller before reducing the caller’s balance; the receiving contract’s fallback called the withdraw function again while its balance was still credited, draining the contract 
    2. Fix: follow checks-effects-interactions, i.e. reduce the sender’s balance before making the transfer of value, and add a reentrancy guard (a mutex such as OpenZeppelin’s ReentrancyGuard) as defense in depth 
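The underflow from item 1, as an added Solidity example that is not code from the original article. It targets Solidity 0.7 on purpose, because that is the last line where arithmetic wraps; the contract names, the 1000-token initial balance and the MinimalSafeMath library (a two-function stand-in with the same shape as OpenZeppelin's SafeMath, inlined so the file compiles offline) are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
// Solidity < 0.8: integer arithmetic wraps silently, so an unchecked
// subtraction is a vulnerability. From 0.8.0 the compiler inserts the
// same checks SafeMath performs and reverts on overflow/underflow.
pragma solidity ^0.7.6;

// Minimal stand-in for OpenZeppelin's SafeMath (example code, not the
// real library): same shape, only the two operations used below.
library MinimalSafeMath {
    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "SafeMath: subtraction overflow");
        return a - b;
    }

    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "SafeMath: addition overflow");
        return c;
    }
}

// Vulnerable: spending more than you hold underflows the balance.
contract UnsafeToken {
    mapping(address => uint256) public balances;

    constructor(address initialHolder) { balances[initialHolder] = 1000; }

    function transfer(address to, uint256 value) external {
        balances[msg.sender] -= value; // 0 - 1 == 2**256 - 1, no revert
        balances[to] += value;
    }
}

// Hardened: the same logic routed through checked arithmetic.
contract SafeToken {
    using MinimalSafeMath for uint256;

    mapping(address => uint256) public balances;

    constructor(address initialHolder) { balances[initialHolder] = 1000; }

    function transfer(address to, uint256 value) external {
        balances[msg.sender] = balances[msg.sender].sub(value); // reverts if value > balance
        balances[to] = balances[to].add(value);
    }
}

// Harness: this contract holds zero tokens in both deployments and tries
// to send one token anyway. The 0xBEEF / 0xCAFE addresses are arbitrary.
contract UnderflowDemo {
    // Attacker's balance after the transfer on UnsafeToken:
    // type(uint256).max, the "maxed out" balance from the article.
    function exploitUnsafe() external returns (uint256) {
        UnsafeToken token = new UnsafeToken(address(0xBEEF));
        token.transfer(address(0xCAFE), 1);
        return token.balances(address(this));
    }

    // True if SafeToken rejected the same transfer.
    function safeTokenReverts() external returns (bool reverted) {
        SafeToken token = new SafeToken(address(0xBEEF));
        try token.transfer(address(0xCAFE), 1) {
            reverted = false;
        } catch {
            reverted = true;
        }
    }
}
```

Deploy UnderflowDemo and call exploitUnsafe() and safeTokenReverts() from any account; the first returns 2^256 - 1 and the second returns true. On Solidity 0.8 the UnsafeToken.transfer line would already revert without SafeMath, which is why the pragma is pinned below 0.8 here.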
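The ownership takeover from item 2, as an added Solidity example that is not code from the original article. The contract names, the initWallet(address) function name and the storage layout (owner in slot 0 of both wallet and library) are assumptions chosen to show the mechanism; the example goes a step beyond the text by pairing the vulnerable wallet with a hardened one that fixes both ingredients.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Shared logic contract. Under delegatecall its code runs with the
// *caller's* storage, msg.sender and msg.value, so `owner` below is
// really the caller's storage slot 0.
contract WalletLibrary {
    address public owner;                          // slot 0

    // Public, unguarded initializer: reachable by anyone.
    function initWallet(address newOwner) public {
        owner = newOwner;
    }
}

// Vulnerable wallet: its fallback delegates *arbitrary* calldata to the
// library, so the library's whole public surface becomes the wallet's.
contract VulnerableWallet {
    address public owner;                          // slot 0, same layout as the library
    address public lib;                            // slot 1

    constructor(address _lib) {
        owner = msg.sender;
        lib = _lib;
    }

    fallback() external payable {
        (bool ok, ) = lib.delegatecall(msg.data);  // attacker-controlled data
        require(ok, "delegatecall failed");
    }

    receive() external payable {}
}

// Hardened library: the initializer can only ever run once.
contract GuardedWalletLibrary {
    address public owner;

    function initWallet(address newOwner) public {
        require(owner == address(0), "already initialized");
        owner = newOwner;
    }
}

// Hardened wallet: initialized once at construction, and unknown
// selectors revert instead of being forwarded to the library.
contract HardenedWallet {
    address public owner;
    address public lib;

    constructor(address _lib) {
        lib = _lib;
        (bool ok, ) = lib.delegatecall(
            abi.encodeWithSignature("initWallet(address)", msg.sender)
        );
        require(ok, "init failed");
    }

    fallback() external payable { revert("unknown function"); }

    receive() external payable {}
}

// Attacker: sends the initializer's selector to the wallet. If the wallet
// forwards it, the attacker's address is written into the wallet's owner.
contract Attacker {
    function takeOver(address wallet) external returns (bool ok) {
        (ok, ) = wallet.call(
            abi.encodeWithSignature("initWallet(address)", address(this))
        );
    }
}

contract DelegatecallDemo {
    // Returns (true, attacker address): ownership was taken.
    function exploitVulnerable() external returns (bool ok, address newOwner) {
        VulnerableWallet wallet = new VulnerableWallet(address(new WalletLibrary()));
        Attacker attacker = new Attacker();
        ok = attacker.takeOver(address(wallet));
        newOwner = wallet.owner();      // == address(attacker)
    }

    // Returns (false, this contract): the call reverted, deployer still owns it.
    function exploitHardened() external returns (bool ok, address stillOwner) {
        HardenedWallet wallet = new HardenedWallet(address(new GuardedWalletLibrary()));
        Attacker attacker = new Attacker();
        ok = attacker.takeOver(address(wallet));
        stillOwner = wallet.owner();    // == address(this)
    }
}
```

The two fixes are independent: GuardedWalletLibrary stops a second initialization even if some caller reaches it, and HardenedWallet never exposes the library's selectors in the first place. Either alone would have blocked this attacker; applying both is the usual practice.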