Open kadenzipfel opened 4 months ago
@kadenzipfel please can you assign this to me? Also, what file will this be in?
@mawutory added you. It should be done in the README
Including https://github.com/kadenzipfel/smart-contract-vulnerabilities/issues/54 here for discussion. Should we have a category of deprecated vulnerabilities?
For #54, a simple note should be enough. E.g.: "Not exploitable in Solidity 0.8.24+"
@mawutory Adding a simple note like "Not exploitable in Solidity 0.8.24+" is definitely helpful. However, creating a distinct category for deprecated vulnerabilities can further aid new learners by clearly segregating current issues from those that are no longer relevant.
What do you think?
@mawutory, are you still planning to implement this?
@mawutory still doing this...
@indeqs, if you wanna take this over feel free
alright
WDYT about this @kadenzipfel :
Gas Management Issues:-
Front-running:-
Reentrancy:-
Bad Randomness:-
Denial of Service (DoS):-
Arithmetic Issues:-
Cryptographic Issues:-
Unsafe Calls:-
Unexpected Ether Balance:-
Function Validation and Standards:-
Storage and Visibility Issues:-
Hash Collisions:-
Other Issues:-
ecrecover null address
tx.origin
msg.value in a loop
@indeqs, I feel like this is highly specific and yet doesn't actually cover a wide range of categories
The vulns are taken from what is already existing in this repo
Yeah the vulns are fine just the categories aren't ideal imo
Fair enough. What categorization names do you suggest?
If this issue is still open, would be open to collaborating vis-à-vis https://github.com/manifoldfinance/defi-threat
Yes it's still open. Feel free to make a PR
Would be great to categorize each vulnerability to make it easier to navigate. Here's an excellent starting point by @indeqs.
Alpha: Many of these vulnerabilities listed have not yet been added to this repo
Gas Management Issues
Reentrancy
Front-running
Flash Loans
Denial of Service (DoS)
Arithmetic Issues
Cryptographic Issues
Price Oracle Manipulation
Cross-Chain Issues
Token Supply Issues
DeFi Specific Vulnerabilities
Malicious Contracts
Unsafe Calls
Social Engineering and Phishing
Ether Handling Issues
Block Attributes and Timing Issues
Function Validation and Standards
Storage and Visibility Issues
Data Handling Issues
Other Issues