Known or standard vulnerabilities of smart contracts - PowerPoint PPT Presentation

Slides: 6
Provided by: cyphershield2022

Transcript and Presenter's Notes

Title: Known or standard vulnerabilities of smart contracts


1
Known or standard vulnerabilities of smart
contracts
2
Vulnerabilities of Smart Contracts
  • Race conditions: events do not occur in the
    expected order. In smart contracts, race
    conditions can occur when external contracts take
    over the flow of control.
  • Reentrancy: a function is called repeatedly
    before its first invocation completes. One of
    the crucial solutions is to block concurrent
    calls on certain functions, especially where
    external calls are involved.
  • Cross-function race conditions: a similar attack
    involving two functions that share the same
    state, with the same solutions.
  • Transaction Order Dependency (TOD) / Front
    Running: another race condition, one that affects
    the order of transactions within a block. By
    manipulating transaction requests, one user
    profits at the expense of another.

3
Vulnerabilities of Smart Contracts
  • Oracle manipulation: this type of attack is
    associated with smart contracts that rely on
    external data as inputs. If the input data is
    incorrect, it is still accepted and acted on
    automatically. Oracles that have been hacked,
    deprecated, or are operated with malicious
    intent could have disastrous effects on all
    protocols and processes that depend on them.
  • Short address/parameter attack: this type of
    attack is associated with the EVM. It occurs when
    the smart contract accepts incorrectly padded
    arguments. In this way, attackers can exploit
    poorly coded clients by using specially crafted
    addresses to cause them to incorrectly encode
    arguments before including them in transactions.

4
Smart Contract Audit
  • Just like normal code auditing, the security of a
    smart contract is directly proportional to the
    robustness and quality of the deployed code. An
    audit involves extensive scrutiny and analysis of
    the code of a smart contract. To do this, smart
    contract auditors check for common bugs and known
    host platform bugs, and simulate attacks on the
    code. Developers (usually third-party smart
    contract auditors) can then identify bugs,
    potential flaws, or security vulnerabilities in
    the project's smart contract.
  • This service is very important in the blockchain
    industry because deployed contracts cannot be
    modified and are irrevocable. Any defect will most
    likely make the contract dysfunctional or prone
    to security breaches that could lead to
    irrecoverable loss. Today, an audit validation
    helps a project gain the trust of users.

5
Steps for Auditing Smart Contracts
  • 1. Examine consistency between code functionality
    and project white paper
  • 2. Check for standard vulnerabilities
  • 3. Symbolic analysis
  • 4. Automated analysis using automated tools
    (approach 1). Tools like Truffle and Populus are
    used for automated code checking.
  • 5. Manual code quality review (approach 2). In
    this case, the code is reviewed manually by
    experienced developers.
  • 6. Gas usage analysis
  • 7. Performance optimization
  • 8. Preparation of reports.