mirror of https://github.com/ConsenSys/mythril
blockchainethereumsmart-contractssoliditysecurityprogram-analysissecurity-analysissymbolic-execution
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2.5 KiB
2.5 KiB
Smart Contract Security Issues
| Issue | Description | Mythril Detection Module(s) | References |
|---|---|---|---|
| Unprotected functions | Critical functions such as sends with non-zero value or suicide() calls are callable by anyone, or msg.sender is compared against an address in storage that can be written to. E.g. Parity wallet bugs. | unchecked_suicide, ether_send | |
| Missing check on CALL return value | unchecked_retval | Handle errors in external calls | |
| Re-entrancy | call to untrusted contract with gas | ||
| Multiple sends in a single transaction | External calls can fail accidentally or deliberately. Avoid combining multiple send() calls in a single transaction. | Favor pull over push for external calls | |
| Function call to untrusted contract | call to untrusted contract with gas | ||
| Delegatecall or callcode to untrusted contract | delegatecall_forward, delegatecall_to_dynamic.py | ||
| Integer overflow/underflow | integer_underflow | ||
| Timestamp dependence | |||
| Payable transaction does not revert in case of failure | |||
| Call depth attack | |||
Use of tx.origin |
tx_origin | Solidity documentation, Avoid using tx.origin | |
| Type confusion | |||
| Predictable RNG | weak_random | ||
| Transaction order dependence | |||
| Information exposure |