Ethereum Smart Contract Security | Programmer Explain

「Math Division」

館長 · Published in Coinmonks · 2 min read · Jan 27, 2019

Goal:
To write a smart contract with a deliberately visible "vulnerability" that lures naive attackers into attacking it, and which then locks up the attackers' funds instead of paying out.
Expected Attacker Behavior:
A naive attacker sends 0.1 Ether, expecting to drain all of the money from the smart contract.
Take away: (For Solidity Smart Contract Developers)
Integer division in Solidity truncates toward zero, so the order of operations in a calculation matters. SafeMath protects against overflow, underflow and division by zero, but it does not change this truncation: SafeMath's div(1, 2) still returns 0. Multiply before you divide, and check intermediate results against realistic inputs.

Step 1
Find newly created contracts that have been verified
An attacker uses a web crawler to collect newly created contracts and check whether each one has been verified on Etherscan. Once a contract is verified, its source code is published, so the attacker can read it and look for something to exploit.

Step 2
Let's do a simple math calculation

Do you think the following math statement is true?

    (1 / 2) > 0

In JavaScript:
    (1 / 2) > 0    <- returns true: 1 / 2 is 0.5, so this is a true/positive statement.

In Solidity (with integer-typed operands, e.g. uint a = 1; uint b = 2; a / b > 0):
    (1 / 2) > 0    <- returns false: 1 / 2 truncates to 0, so this is a false/negative statement.

Reason:
Solidity does not provide float/double data types. Division on integer types is integer division and truncates toward zero, so 1 / 2 evaluates to 0. (Bare integer literals are a special case: since Solidity 0.4.0 the compiler treats a literal expression such as 1 / 2 as the rational constant 0.5, which is why the test above uses integer-typed variables.)

Let's recap.

Solidity does not provide float/double data types, and integer division truncates toward zero. SafeMath does not help here: its div only reverts on division by zero and otherwise returns the same truncated quotient. Order your arithmetic so that multiplication happens before division, and test boundary values such as amounts smaller than 1 ether to avoid this unexpected result.
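The following is an added illustration of the honeypot pattern described above, written for this article; it is not the contract the author deployed and linked on Etherscan. The contract names, the "send exactly 0.1 ether" bait and the tenthsOf/atLeastOneTenth helpers are all assumptions chosen to show the truncation and its fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example for this article, not the author's deployed contract.
// Contract names, the bait and the helper functions are assumptions.

// The bait: the source reads as "send exactly 0.1 ether and the contract pays
// you its whole balance". The unit conversion divides before it multiplies,
// so the computed value is always a multiple of 10 (or 0) and the check can
// never pass. Whatever the caller sends stays in the contract.
contract DivisionHoneypot {
    // Deployer who can later sweep what naive callers left behind.
    address public immutable owner;

    constructor() payable {
        owner = msg.sender;
    }

    function claim() external payable {
        // Intended reading: "tenths of an ether sent".
        // Actual evaluation (left to right): (msg.value / 1 ether) * 10.
        //   0.1 ether / 1 ether == 0  -> tenths == 0
        //   1.5 ether / 1 ether == 1  -> tenths == 10
        uint256 tenths = msg.value / 1 ether * 10;
        require(tenths == 1, "send exactly 0.1 ether");
        // Unreachable: tenths is 0 or a multiple of 10, never 1.
        payable(msg.sender).transfer(address(this).balance);
    }

    function sweep() external {
        require(msg.sender == owner, "not owner");
        payable(owner).transfer(address(this).balance);
    }
}

// The same calculation written so that the multiplication happens first.
// Solidity 0.8 reverts on overflow, and OpenZeppelin's SafeMath would too,
// but neither changes a quotient: div(0.1 ether, 1 ether) is still 0.
contract DivisionFixed {
    // 0.1 ether -> 1, 0.25 ether -> 2 (still truncated, but to the unit we want)
    function tenthsOf(uint256 weiAmount) public pure returns (uint256) {
        return weiAmount * 10 / 1 ether;
    }

    // Better still: compare in wei and avoid the conversion entirely.
    function atLeastOneTenth(uint256 weiAmount) public pure returns (bool) {
        return weiAmount >= 1 ether / 10;
    }
}
```

Deploy DivisionHoneypot with some ether and call claim() with 0.1 ether from a second account: the call reverts with "send exactly 0.1 ether" and, in a real honeypot, a variant that omits the revert would simply keep the deposit. DivisionFixed.tenthsOf(0.1 ether) returns 1 because the multiplication by 10 happens before the division by 1 ether.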

Feel free to check this smart contract out on Etherscan.

About me
I am a full-stack JavaScript / DApps developer and a contributor to the open source blockchain projects DEXON and NEO.

Feel free to reach out to me on Gitter, or follow me, Wayne Chiu.

Disclaimer
This is for educational purposes only, covering smart contract vulnerabilities that you might encounter while developing smart contracts.


館長 (Coinmonks): Lead of Product & Engineering, DApps Developer.