由于微信公众号推送机制的改变避免错过文章麻烦您将公众号设为星标感谢您的支持!
想要学习:【漏洞挖掘,内网渗透OSCP,车联网,二进制】的朋友欢迎加入知识星球一起学习。如果不满意,72小时内可在APP内无条件自助退款。
智能合约漏洞名,下面分为英文和翻译后的
推荐一个web3.0赏金猎人平台:https://dashboard.securr.tech/
英文:
ReentrancyFront-runningInteger overflow/underflow(DoS)vulnerabilitiesUninitialized storage pointersUnchecked external callsAccess control issuesEther withdrawal issuesdependence (TOD)Frontrunning in decentralized exchangesOracle manipulationChain reorganizationsInadequate auditing and testingvulnerabilitiesvulnerabilitiesUnintended token transfersInadequate exception handlingUnsafe delegatecall usageProxy contract vulnerabilitiesBatch overflow vulnerabilitiesInsecure token standardsArbitrary data storage and retrievalInsufficient input validationStorage layout vulnerabilitiesEther lockup vulnerabilitiesLogic flaws in upgradeable contractsIncorrectly implemented token standardsUnpredictable external contract callsMalicious contract dependenciesSolidity compiler bugsOverflowing mapping storagefallback functionsIncorrect gas calculationsUninitialized contract variablesDenial of service through block.timestampExcessive contract complexityVulnerable third-party librariesIncorrect event log handlingContract function visibility issuesPoorly implemented randomness generationLack of access control in upgradeable contractsVulnerable constructor functionsRace conditions in contract executionToken supply vulnerabilitiesGas token vulnerabilitiesSmart contract self-destruct vulnerabilitiesInteger arithmetic vulnerabilitiesUnprotected upgradesInsufficient gas stipends for external callsFlash loan attacksIncorrect array handlingShort address attacksGas limit exhaustionStuck etherexploitsvulnerabilitiesGas price manipulationTransaction malleabilityResource depletionReplay attacksImmutable contract vulnerabilitiesCompiler bugsProxy contract issuesEconomic attacksGovernance flawsBridging vulnerabilitiesFork vulnerabilitiesSmart contract upgrade risksSupply chain attacksChainlink vulnerabilitiesSecurity token standard issuesAsset pegging vulnerabilitiesSybil attacks
中文:
可重入性抢先交易整数上溢/下溢(DoS)Solidity 特定的漏洞未初始化的存储指针未检查的外部呼叫访问控制问题以太币提现问题(TOD)去中心化交易所的抢先交易甲骨文操纵连锁重组审核和测试不足与天然气相关的漏洞与时间相关的漏洞意外的代币转移异常处理不足delegatecall 使用代理合约漏洞批量溢出漏洞不安全的代币标准任意数据存储和检索输入验证不足存储布局漏洞以太币锁定漏洞可升级合约的逻辑缺陷代币标准实施不正确不可预测的外部合同调用恶意合约依赖Solidity 编译器错误映射存储溢出非标准后备函数气体计算不正确未初始化的合约变量block.timestamp 拒绝服务合同过于复杂易受攻击的第三方库事件日志处理不正确合约功能可见性问题随机生成实施不当可升级合约缺乏访问控制易受攻击的构造函数合约执行中的竞争条件代币供应漏洞Gas代币漏洞智能合约自毁漏洞整数算术漏洞不受保护的升级外部调用的燃气津贴不足闪贷攻击数组处理不正确短地址攻击气体极限耗尽卡住乙醚零日漏洞利用漏洞天然气价格操纵交易延展性资源枯竭重放攻击不可变的合约漏洞编译器错误代理合同问题经济攻击治理缺陷弥补漏洞分叉漏洞智能合约升级风险供应链攻击Chainlink 漏洞安全令牌标准问题资产挂钩漏洞女巫攻击
喜欢朋友可以点点赞转发转发。
免责声明:本公众号不承担任何由于传播、利用本公众号所发布内容而造成的任何后果及法律责任。未经许可,不得转载。
原文始发于微信公众号(重生者安全团队):智能合约web3.0都有哪些漏洞
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论