Smart Contract Security Pitfalls Across Multiple Blockchain Ecosystems

Top 10 Most Recent Cryptocurrency Hacks

Top 6 Most Common Smart Contract Security Pitfalls

1. Lack of input validations

use solana_program::{msg, program_error::ProgramError};

// Reject whatever the caller passed in the "token program" slot unless it really is
// the SPL Token program; otherwise a CPI would be made into a program the attacker controls.
if *token_program_info.key != spl_token::id() {
    msg!(
        "Only the SPL token program is currently supported, expected {}, received {}",
        spl_token::id(),
        *token_program_info.key
    );
    return Err(ProgramError::IncorrectProgramId);
}

Example hack: Tinyman hack
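The snippet above shows one of the checks; an instruction handler normally needs several of them before it reads any account data or makes a CPI. The following is an added example, not code from the original post or from any FYEO audit, written with simplified stand-ins for solana_program's Pubkey, AccountInfo and ProgramError so that it runs without the Solana crates (the error variant names match the real ones; the "withdraw from vault" instruction and its account layout are assumptions):

```rust
/// Simplified stand-ins for solana_program's Pubkey, AccountInfo and ProgramError
/// (assumption: the real types carry more fields, but the checks are the same).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

pub struct AccountInfo<'a> {
    pub key: &'a Pubkey,
    pub owner: &'a Pubkey,
    pub is_signer: bool,
    pub data: &'a [u8],
}

#[derive(Debug, PartialEq, Eq)]
pub enum ProgramError {
    IncorrectProgramId,
    IllegalOwner,
    MissingRequiredSignature,
    InvalidAccountData,
}

/// The account in a "program" slot must be the program we expect, or the caller
/// can substitute a program of their own and have us CPI into it.
pub fn check_program_id(info: &AccountInfo, expected: &Pubkey) -> Result<(), ProgramError> {
    if info.key != expected {
        return Err(ProgramError::IncorrectProgramId);
    }
    Ok(())
}

/// A state account must be owned by the program that writes it; otherwise an
/// attacker can pass an account they control with forged contents.
pub fn check_owner(info: &AccountInfo, expected_owner: &Pubkey) -> Result<(), ProgramError> {
    if info.owner != expected_owner {
        return Err(ProgramError::IllegalOwner);
    }
    Ok(())
}

/// An authority account proves nothing unless the transaction was signed by it.
pub fn check_signer(info: &AccountInfo) -> Result<(), ProgramError> {
    if !info.is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    Ok(())
}

/// Reject accounts whose data cannot hold the layout we are about to deserialize.
pub fn check_data_len(info: &AccountInfo, expected_len: usize) -> Result<(), ProgramError> {
    if info.data.len() != expected_len {
        return Err(ProgramError::InvalidAccountData);
    }
    Ok(())
}

/// All checks for a hypothetical "withdraw from vault" instruction (assumption),
/// applied before any state is read or any CPI is made.
pub fn validate_withdraw_accounts(
    token_program: &AccountInfo,
    vault: &AccountInfo,
    authority: &AccountInfo,
    spl_token_id: &Pubkey,
    this_program_id: &Pubkey,
    vault_len: usize,
) -> Result<(), ProgramError> {
    check_program_id(token_program, spl_token_id)?;
    check_owner(vault, this_program_id)?;
    check_data_len(vault, vault_len)?;
    check_signer(authority)?;
    Ok(())
}
```

Each check fails closed with a distinct error, so a rejected transaction tells you which assumption the caller violated; the order matters too, since the owner and length checks should run before anything is deserialized from the vault account.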

2. Authorization and authentication issues

  • Authentication is about proving your identity. This could mean entering a username and password or providing a signature.
  • Authorization is about what a proven identity is allowed to do: which accounts it may modify, which admin functions it may call, which funds it may move. A contract that verifies a signature but never checks that the signer is the expected owner or authority has authenticated the caller without authorizing the action.

Example hack: Poly Network hack

3. Arithmetic errors

Example hack: Solana Spl-token-lending program bug
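Two arithmetic mistakes come up again and again in lending and AMM code: a multiplication that overflows the native integer width, and a division that rounds in the user's favour. The following is an added example, not code from the original post or from the spl-token-lending program, using made-up fixed-point constants (assumption: 9 decimal places, fees in basis points). It uses wrapping_mul deliberately so the unchecked case behaves the same whether or not the build has overflow checks enabled, which is exactly the setting a release-mode on-chain program runs in unless overflow-checks is turned on in Cargo.toml:

```rust
use std::convert::TryFrom;

#[derive(Debug, PartialEq, Eq)]
pub enum MathError {
    Overflow,
}

/// Value of `amount` collateral tokens at `price`, both fixed-point with `scale`
/// units per whole token. wrapping_mul models what a release build without
/// overflow checks does silently: the product wraps and the value comes out tiny.
pub fn collateral_value_unchecked(amount: u64, price: u64, scale: u64) -> u64 {
    amount.wrapping_mul(price) / scale
}

/// Same computation with a u128 intermediate and explicit overflow detection,
/// so an out-of-range value aborts the instruction instead of under-valuing collateral.
pub fn collateral_value_checked(amount: u64, price: u64, scale: u64) -> Result<u64, MathError> {
    let wide = (amount as u128)
        .checked_mul(price as u128)
        .ok_or(MathError::Overflow)?;
    // checked_div also rejects scale == 0 instead of panicking.
    let value = wide.checked_div(scale as u128).ok_or(MathError::Overflow)?;
    u64::try_from(value).map_err(|_| MathError::Overflow)
}

/// Fee in basis points with truncating division: amounts below 10_000 / fee_bps
/// pay nothing, so a caller can split a large borrow into fee-free pieces.
/// (Assumes fee_bps <= 10_000, so the fee fits in u64.)
pub fn fee_truncated(amount: u64, fee_bps: u64) -> u64 {
    ((amount as u128) * (fee_bps as u128) / 10_000) as u64
}

/// Fee rounded up: the protocol never loses dust to rounding, the caller does.
pub fn fee_round_up(amount: u64, fee_bps: u64) -> Result<u64, MathError> {
    let num = (amount as u128) * (fee_bps as u128);
    let fee = (num + 9_999) / 10_000; // ceiling division
    u64::try_from(fee).map_err(|_| MathError::Overflow)
}
```

The rule of thumb the second pair encodes: amounts the protocol is owed (fees, interest, repayments) round up, amounts the protocol pays out (withdrawals, liquidation bonuses) round down.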

4. Blockchain- or language-specific vulnerabilities

mapping (address => uint) private userBalances;

function withdrawBalance() public {
    uint amountToWithdraw = userBalances[msg.sender];
    // Interaction before effect: control passes to the caller's fallback function here,
    // and the caller can call withdrawBalance() again while its recorded balance is still unchanged.
    (bool success, ) = msg.sender.call.value(amountToWithdraw)("");
    require(success);
    // The fix is to move this line above the external call (checks-effects-interactions).
    userBalances[msg.sender] = 0;
}

Example hack: The DAO hack
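The ordering bug in the Solidity snippet above is easiest to see by running it. The following is an added example, not code from the original post or from the DAO contract: a small Rust simulation (assumption: a bank with string addresses and a Receiver trait standing in for a contract's fallback function) that executes the same withdraw logic with the effect either after or before the external call, and an attacker whose callback re-enters:

```rust
use std::collections::HashMap;

/// Addresses are plain strings in this simulation (assumption, not a real chain).
type Address = &'static str;

/// Anything that receives funds and may call back into the bank, the way a
/// contract's fallback/receive function runs when it is sent ether.
pub trait Receiver {
    fn receive(&mut self, bank: &mut Bank, amount: u64);
}

pub struct Bank {
    balances: HashMap<Address, u64>,
    /// Total funds actually held, like the contract's ether balance.
    pub vault: u64,
    /// true  = zero the balance before the external call (checks-effects-interactions)
    /// false = the order in the vulnerable Solidity above
    effects_before_interaction: bool,
}

impl Bank {
    pub fn new(effects_before_interaction: bool) -> Self {
        Bank { balances: HashMap::new(), vault: 0, effects_before_interaction }
    }

    pub fn deposit(&mut self, who: Address, amount: u64) {
        *self.balances.entry(who).or_insert(0) += amount;
        self.vault += amount;
    }

    /// Mirrors withdrawBalance(): look up the balance, send it, then zero it.
    pub fn withdraw_balance(&mut self, caller: Address, recv: &mut dyn Receiver) {
        let amount = self.balances.get(caller).copied().unwrap_or(0);
        if amount == 0 || self.vault < amount {
            return; // nothing to pay, or the vault is already empty
        }
        self.vault -= amount;
        if self.effects_before_interaction {
            self.balances.insert(caller, 0); // effect first
            recv.receive(self, amount);      // interaction last: re-entry sees balance 0
        } else {
            recv.receive(self, amount);      // interaction first: re-entry sees the old balance
            self.balances.insert(caller, 0); // effect too late
        }
    }
}

/// Attacker contract: every payment it receives, it re-enters withdraw_balance.
pub struct Attacker {
    pub stolen: u64,
}

impl Receiver for Attacker {
    fn receive(&mut self, bank: &mut Bank, amount: u64) {
        self.stolen += amount;
        bank.withdraw_balance("attacker", self);
    }
}

/// Honest depositor puts in 100, attacker deposits 10 and withdraws once.
/// Returns (what the attacker received, what is left in the vault).
pub fn run_attack(effects_before_interaction: bool) -> (u64, u64) {
    let mut bank = Bank::new(effects_before_interaction);
    bank.deposit("alice", 100);
    bank.deposit("attacker", 10);
    let mut attacker = Attacker { stolen: 0 };
    bank.withdraw_balance("attacker", &mut attacker);
    (attacker.stolen, bank.vault)
}
```

With the vulnerable ordering the attacker's single call recurses until the vault check fails and walks away with all 110 units; with the effect moved before the interaction the re-entrant call finds a zero balance and returns, so the attacker gets exactly the 10 it deposited. A reentrancy guard (a mutex flag set for the duration of the call) is the other standard defence, but it is a second line; getting the order right is the first.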

5. Logic errors

  • Incorrect/faulty formulas
  • Incorrect checks
  • Design errors

Example hack: Port Finance bug

6. Third-party vulnerabilities

Example hack: Mirror Protocol Exploit

Control Smart Contract Security Pitfalls with FYEO
