GithubHelp home page GithubHelp logo

fergarrui / ethereum-security Goto Github PK

View Code? Open in Web Editor NEW
140.0 140.0 18.0 310 KB

Security issues in Ethereum demonstrated in mocha tests. The fix is also demonstrated

License: GNU General Public License v3.0

JavaScript 69.86% Solidity 30.14%
ethereum mocha-tests security smart-contracts solidity solidity-security

ethereum-security's People

Contributors

fergarrui avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

borgdena olegnn panickervinod idkwim rca03 saaperezru harikrishnan-github dayanuyim noahmarconi kchenlab nikoskar drzedd42 materaj2 hamdanhussein

ethereum-security's Issues

WithdrawAll function flawed

In ReentrancyVulnerableFixed.sol, function WIthdrawAll().

balances[msg.sender] is set to zero before the transaction is made. The variable that should be used is "amount".

Ether delivery via the `SELFDESTRUCT` opcode.

Any contract is intended to receive Ether in payable functions only. Thus, there could be contracts that rely on fact that their balance can only be increased through payable functions that are implemented at this contract.

It is not absolutely accurate because it is possible to throw an amount of Ether into a certain address via the SELFDESTRUCT opcode.

contract SuicideDeliverer
{

    function() payable { }

    function deliverTo(address _addr)
    {
        suicide(_addr);
    }
}

This can deliver Ether to a contract at _addr address without a proper handling. It can violate the internal contract logic, if the contract is based on the assumption that it can only accept Ether properly through calls of "payable" functions.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.