TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update security_checks.md

Browse Source
pull/88/head
Bernhard Mueller 7 years ago committed by GitHub
parent 97f8828a02
commit c5c2b76633
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      security_checks.md

2
security_checks.md
Unescape View File

@ -6,7 +6,7 @@ Detection modules, ideas collection and wish list. Contributions are welcome!
|------:|-------------|------------|----------|
|Unprotected functions| Critical functions such as sends with non-zero value or suicide() calls are callable by anyone, or msg.sender is compared against an address in storage that can be written to. E.g. Parity wallet bugs. | [unchecked_suicide](mythril/analysis/modules/suicide.py), [ether_send](mythril/analysis/modules/ether_send.py) | |
|Missing check on CALL return value| | [unchecked_retval](mythril/analysis/modules/unchecked_retval.py) | [Handle errors in external calls](https://consensys.github.io/smart-contract-best-practices/recommendations/#use-caution-when-making-external-calls) |
|Re-entrancy| Genreally, contract state should never be relied on if untrusted contracts are called. State changes after external calls should be avoided. | [external calls to untrusted contracts](mythril/analysis/modules/external_calls.py) | [Call external functions last](https://consensys.github.io/smart-contract-best-practices/known_attacks/#reentrancy) [Avoid state changes after external calls](https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-state-changes-after-external-calls)|
|Re-entrancy| Contract state should never be relied on if untrusted contracts are called. State changes after external calls should be avoided. | [external calls to untrusted contracts](mythril/analysis/modules/external_calls.py) | [Call external functions last](https://consensys.github.io/smart-contract-best-practices/known_attacks/#reentrancy) [Avoid state changes after external calls](https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-state-changes-after-external-calls)|
|Multiple sends in a single transaction| External calls can fail accidentally or deliberately. Avoid combining multiple send() calls in a single transaction. | | [Favor pull over push for external calls](https://consensys.github.io/smart-contract-best-practices/recommendations/#favor-pull-over-push-for-external-calls) |
|External call to untrusted contract| | [external call to untrusted contract](mythril/analysis/modules/call_to_dynamic_with_gas.py) | |
|Delegatecall or callcode to untrusted contract| | [delegatecall_forward](mythril/analysis/modules/delegatecall.py) | |

Write Preview
Loading…
Cancel
Save