智能合约web3.0都有哪些漏洞

admin 2024年4月14日02:40:09评论6 views字数 2691阅读8分58秒阅读模式

由于微信公众号推送机制的改变避免错过文章麻烦您将公众号设为星标感谢您的支持!

智能合约web3.0都有哪些漏洞

想要学习:【漏洞挖掘,内网渗透OSCP,车联网,二进制】的朋友欢迎加入知识星球一起学习。如果不满意,72小时内可在APP内无条件自助退款。

智能合约web3.0都有哪些漏洞

-->进入正题啦

智能合约漏洞名,下面分为英文和翻译后的
推荐一个web3.0赏金猎人平台:https://dashboard.securr.tech/

英文:

ReentrancyFront-runningInteger overflow/underflowDenial-of-Service (DoS)Solidity-specific vulnerabilitiesUninitialized storage pointersUnchecked external callsAccess control issuesEther withdrawal issuesTransaction-ordering dependence (TOD)Frontrunning in decentralized exchangesOracle manipulationChain reorganizationsInadequate auditing and testingGas-related vulnerabilitiesTime-dependent vulnerabilitiesUnintended token transfersInadequate exception handlingUnsafe delegatecall usageProxy contract vulnerabilitiesBatch overflow vulnerabilitiesInsecure token standardsArbitrary data storage and retrievalInsufficient input validationStorage layout vulnerabilitiesEther lockup vulnerabilitiesLogic flaws in upgradeable contractsIncorrectly implemented token standardsUnpredictable external contract callsMalicious contract dependenciesSolidity compiler bugsOverflowing mapping storageNon-standard fallback functionsIncorrect gas calculationsUninitialized contract variablesDenial of service through block.timestampExcessive contract complexityVulnerable third-party librariesIncorrect event log handlingContract function visibility issuesPoorly implemented randomness generationLack of access control in upgradeable contractsVulnerable constructor functionsRace conditions in contract executionToken supply vulnerabilitiesGas token vulnerabilitiesSmart contract self-destruct vulnerabilitiesInteger arithmetic vulnerabilitiesUnprotected upgradesInsufficient gas stipends for external callsFlash loan attacksIncorrect array handlingShort address attacksGas limit exhaustionStuck etherZero-day exploitsWeb3.js vulnerabilitiesGas price manipulationTransaction malleabilityResource depletionReplay attacksImmutable contract vulnerabilitiesCompiler bugsProxy contract issuesEconomic attacksGovernance flawsBridging vulnerabilitiesFork vulnerabilitiesSmart contract upgrade risksSupply chain attacksChainlink vulnerabilitiesSecurity token standard issuesAsset pegging vulnerabilitiesSybil attacks

中文:

可重入性抢先交易整数上溢/下溢拒绝服务 (DoS)Solidity 特定的漏洞未初始化的存储指针未检查的外部呼叫访问控制问题以太币提现问题交易顺序依赖性 (TOD)去中心化交易所的抢先交易甲骨文操纵连锁重组审核和测试不足与天然气相关的漏洞与时间相关的漏洞意外的代币转移异常处理不足不安全的 delegatecall 使用代理合约漏洞批量溢出漏洞不安全的代币标准任意数据存储和检索输入验证不足存储布局漏洞以太币锁定漏洞可升级合约的逻辑缺陷代币标准实施不正确不可预测的外部合同调用恶意合约依赖Solidity 编译器错误映射存储溢出非标准后备函数气体计算不正确未初始化的合约变量通过 block.timestamp 拒绝服务合同过于复杂易受攻击的第三方库事件日志处理不正确合约功能可见性问题随机生成实施不当可升级合约缺乏访问控制易受攻击的构造函数合约执行中的竞争条件代币供应漏洞Gas代币漏洞智能合约自毁漏洞整数算术漏洞不受保护的升级外部调用的燃气津贴不足闪贷攻击数组处理不正确短地址攻击气体极限耗尽卡住乙醚零日漏洞利用Web3.js 漏洞天然气价格操纵交易延展性资源枯竭重放攻击不可变的合约漏洞编译器错误代理合同问题经济攻击治理缺陷弥补漏洞分叉漏洞智能合约升级风险供应链攻击Chainlink 漏洞安全令牌标准问题资产挂钩漏洞女巫攻击

喜欢朋友可以点点赞转发转发。

免责声明:本公众号不承担任何由于传播、利用本公众号所发布内容而造成的任何后果及法律责任。未经许可,不得转载。

原文始发于微信公众号(重生者安全团队):智能合约web3.0都有哪些漏洞

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2024年4月14日02:40:09
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   智能合约web3.0都有哪些漏洞https://cn-sec.com/archives/2654611.html

发表评论

匿名网友 填写信息