
Attacks

If you just want to browse a list of crazy attacks, Bad Things is a great place to start. Bad Things is a grand list of attacks, with breakdowns of what went wrong and how.

If you want to make sure you don't have these issues in your own code, check out Smart contract best practices - known attacks.

Readings

Smart contract best practices - known attacks - an overview

Bad Things - a list of attacks, from Scott's talk

(Optional) SWC Registry - Smart contract weakness classification and test cases

(Optional) Testing smart contracts - a talk I gave last year, might be a little outdated

Re-entrancy attack

What is a Re-entrancy attack?

https://github.com/austintgriffith/scaffold-eth/tree/reentrancy-example - by our own @Aayush Gupta

Critical update Re: DAO vulnerability

Front-running

How to Get Front-Run on Ethereum mainnet - Video

Honeypots in Ethereum And How to avoid them with Tenderly.co transaction simulation - Video

How the Opyn Ethereum Contract was hacked for $943,000 (Technical Review) - Video

Ethereum is a Dark Forest

(Optional) Uniswap pools doc - explains what burn does in the blog post above; e.g. when removing liquidity, [removeLiquidity](https://github.com/Uniswap/uniswap-v2-periphery/blob/4123f93278b60bcf617130629c69d4016f9e7584/contracts/UniswapV2Router02.sol) will call this burn.

Escaping the Dark Forest

How the winner got Fomo3D prize - A detailed explanation - block stuffing

Flash loan

Borrow Millions in DeFi with no collateral? Flash loans explained (Aave, dYdX) - Video

The bZx attacks explained

(Optional) bZx trading & borrowing doc - helps you to understand the bZx attacks above

Flash Arbitrager Trader - A simple working example of a flash arbitrage smart contract

MakerDAO issues warning after a flash loan is used to pass a governance vote

DeFi flash loan attacks and the yAxis metavault

SushiSwap's Vampire Scheme: Hours Away and With $1.3B at Stake