Vulnerability taxonomy

[kadenzipfel]

Would be great to categorize each vulnerability to make it easier to navigate. Here's an excellent starting point by @indeqs.

Alpha: Many of these vulnerabilities listed have not yet been added to this repo

Gas Management Issues

• Insufficient Gas Griefing
• Loops Gas Limit

Reentrancy

• Reentrancy via Modifier
• Read-Only Reentrancy
• Cross-Function Reentrancy
• Cross-Contract Reentrancy

Front-running

• Front-Running - Unprotected Withdraw
• Front-Running - Sandwich Attack
• Front-Running - ERC20 Approval
• Front-Running - Signatures
• Back-Running

Flash Loans

• Flash-Loan Governance Attack
• Flash-Loan Price Attack

Denial of Service (DoS)

• Denial Of Service (DOS) by Complex Fallback Function
• DoS with Block Gas Limit
• DoS with (Unexpected) revert
• Denial Of Service (DOS) by Non-Existent Address or Malicious Contract

Arithmetic Issues

• Floating Point Arithmetic
• Integer Overflow
• Integer Underflow
• Divide before Multiply
• Lack of Precision
• Off-By-One

Cryptographic Issues

• ECDSA Signature Malleability
• ECDSA Signature Replay
• Replay Attack
• Signature Malleability

Price Oracle Manipulation

• Price Oracle Manipulation

Cross-Chain Issues

• Cross-Chain Bridge Manipulation

Token Supply Issues

• Initial Supply Mint Issue

DeFi Specific Vulnerabilities

• DeFi Slippage Attack
• Amplification Attack Double Spending

Malicious Contracts

• Malicious Honeypot

Unsafe Calls

• Unsafe Delegatecalls
• Unsafe Low-Level Call
• Delegatecall to Untrusted Callee

Social Engineering and Phishing

• Phishing With Improper Authorization

Ether Handling Issues

• Unexpected Ether With Forcibly Sending Ether

Block Attributes and Timing Issues

• Block Timestamp Manipulation
• Timestamp Dependence
• Transaction-Ordering Dependence

Function Validation and Standards

• Unchecked Return Values
• Requirement Validation
• Absent Modifiers
• Use of Deprecated Functions
• Strict Equalities
• Insecure Randomness
• Inadherence to Standards

Storage and Visibility Issues

• Proxy Storage Collision
• Uninitialized Storage Pointer
• Write to Arbitrary Storage Location
• Incorrect Inheritance Order
• Shadowing State Variables
• Presence of Unused Variables
• Unencrypted Private Data On-Chain

Data Handling Issues

• Unencrypted Private Data On-Chain

Other Issues

• Rounding Down To Zero
• Force Feeding
• Unexpected ecrecover null address
• Asserting Contract from Code Size
• Floating Pragma
• Outdated Compiler Version
• Assert Violation
• Authorization Through tx.origin
• Insufficient Access Control
• Default Visibility

[polymawutor]

@kadenzipfel please can you assign this to me? Also, what file will this be in?

[kadenzipfel]

@mawutory added you. It should be done in the README

[kadenzipfel]

Including https://github.com/kadenzipfel/smart-contract-vulnerabilities/issues/54 here for discussion. Should we have a category of deprecated vulnerabilities?

[polymawutor]

For #54, a simple note should be enough. Eg: "Not exploitable in Solidity 0.8.24+"

[rakesh0x7]

For #54, a simple note should be enough. Eg: "Not exploitable in Solidity 0.8.24+"

@mawutory Adding a simple note like "Not exploitable in Solidity 0.8.24+" is definitely helpful. However, creating a distinct category for deprecated vulnerabilities can further aid new learners by clearly segregating current issues from those that are no longer relevant

What do you think?

[kadenzipfel]

@mawutory, are you still planning to implement this?

[indeqs]

@mawutory still doing this...

[kadenzipfel]

@indeqs, if you wanna take this over feel free

[indeqs]

@indeqs, if you wanna take this over feel free

alright

[indeqs]

WDYT about this @kadenzipfel :

Gas Management Issues:-

• Insufficient Gas Griefing

Front-running:-

• Transaction-Ordering Dependence

Reentrancy:-

• Single function reentrancy
• Cross-function reentrancy
• Read-only reentrancy

Bad Randomness:-

• Timestamp dependence. This no longer affects Ethereum mainnet since the merge
• Weak Sources of Randomness from Chain Attributes

Denial of Service (DoS):-

• DoS with (Unexpected) revert
• DoS with Block Gas Limit

Arithmetic Issues:-

• Integer Overflow and Integer Underflow
• Divide Before Multiply
• Off-by-One
• Lack of precision

Cryptographic Issues:-

• Signature Malleability
• Replay Attacks, i.e Missing protection against signature replay attacks

Unsafe Calls:-

• Delegatecall to Untrusted Callee
• Unsafe Low-Level Call

Unexpected Ether Balance:-

• Unexpected Ether balance with forcibly sent ether, i.e force feeding
• Unexpected Ether balance with forcibly sent ether, i.e inflation attack

Function Validation and Standards:-

• Unchecked Return Values
• Requirement Validation
• Use of Deprecated Functions
• Inadherence to Standards

Storage and Visibility Issues:-

• Uninitialized Storage Pointer. No longer an issue as of solidity 0.5.0
• Write to Arbitrary Storage Location
• Incorrect Inheritance Order
• Shadowing State Variables
• Presence of Unused Variables
• Unencrypted Private Data On-Chain
• Uninitialized Storage Pointer
• Default Visibility

Hash Collisions:-

• Hash Collision when using abi.encodePacked() with Multiple Variable-Length Arguments

Other Issues:-

• Unexpected ecrecover null address
• Asserting Contract from Code Size
• Floating Pragma
• Outdated compiler version
• Authorization Through tx.origin
• Asserting Contract from Code Size
• Unsupported Opcodes
• Assert Violation
• Incorrect Constructor Name. No longer an issue in Solidity >=v0.4.22
• Insufficient Access Control
• Unbounded Return Data
• Using msg.value in a loop
• Deleting a mapping within a struct

[kadenzipfel]

@indeqs, I feel like this is highly specific and yet doesn't actually cover a wide range of categories

[indeqs]

The vulns are taken from what is already existing in this repo

[kadenzipfel]

The vulns are taken from what is already existing in this repo

Yeah the vulns are fine just the categories aren't ideal imo

[indeqs]

The vulns are taken from what is already existing in this repo

Yeah the vulns are fine just the categories aren't ideal imo

fair enough, What categorization names do you suggest

[sambacha]

if this issue is still open, would be open in collaborating vis a vie https://github.com/manifoldfinance/defi-threat

[kadenzipfel]

if this issue is still open, would be open in collaborating vis a vie https://github.com/manifoldfinance/defi-threat

Yes it's still open. Feel free to make a PR