views
Race conditions: where events do not occur in the expected order. In smart contracts, race conditions can occur when external contracts take over the flow of control.
Reentrant: In this case, some function is called repeatedly before the first invocation of the function completes. One of the crucial solutions is to block concurrent calls on certain functions, especially when examining external calls.
Cross - function Race conditions: describe a similar attack of two functions that share the same state, with the same solutions.
Transaction Order Dependency (TOD) / Front Running: Is another race condition that affects transaction orders within a block. By manipulating transaction requests, one user profits at the expense of another.
Oracle manipulation: This type of attack is associated with smart contracts that rely on external data as inputs. If the entered data is incorrect, it continues to be entered and is executed automatically. Protocols that depend on oracles that have been hacked, deprecated, or with malicious intent could have disastrous effects on all processes that depend on them.
Attack on short address/parameter: This type of attack is associated with EVM. occurs when the smart contract accepts incorrectly filled arguments. In this way, attackers can exploit poorly encoded clients by using specially crafted addresses to cause them to incorrectly encode arguments before including them in transactions.
Smart Contract Audit
Just like normal code auditing, the security of a smart contract is directly proportional to the robustness and quality of the deployed code. It involves extensive scrutiny and analysis of the code of a smart contract. To do this, smart contract auditors check for common bugs, known host platform bugs, and simulate code attacks. Developers (usually third-party smart contract auditors) can then identify bugs, potential flaws, or security vulnerabilities in the project's smart contract.
This service is very important in the blockchain industry because the deployed contracts cannot be modified or are irrevocable. Any defect will most likely make the contract dysfunctional or prone to security breaches that could lead to irrecoverable loss. Today, getting an audit validation is a boost to gain the trust of users.
Steps for Auditing Smart contracts
1. Examine consistency between code functionality and project white paper
2. Check for standard vulnerabilities;
3. Symbolic analysis
4. Automated analysis using automated tools (Approach 1): Tools like Truffle and Populus are used for automated code checking. This approach takes very little time and has more sophisticated penetration compared to manual code checking. Although it also has limitations of false identification and lost vulnerability.
5. Manual code quality review (approach 2): In this case, the code is reviewed manually by experienced developers. Although automated checks are faster, manual checks take into account both fake & missed vulnerabilities.
6. Gas usage analysis;
7. Performance optimization
8. Preparation of reports.