
vulnerability-patterns

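Common vulnerability patterns in Solidity and how to prevent them. Use when reviewing contracts for security issues or learning about common exploits.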

SKILL.md
--- frontmatter
name: vulnerability-patterns
description: Common vulnerability patterns in Solidity and how to prevent them. Use when reviewing contracts for security issues or learning about common exploits.

Vulnerability Patterns Skill

Reference skill for common Solidity vulnerability patterns. This skill references detailed checklists in the security-audit skill.

When to Use

Use this skill when:

  • Learning about common vulnerabilities
  • Reviewing code for security issues
  • Understanding exploit techniques
  • Preventing known vulnerabilities

Related Skills

For comprehensive security auditing, see:

  • security-audit: Complete audit methodology and checklists
  • testing-patterns: Security testing approaches
  • contract-patterns: Secure implementation patterns

Common Vulnerability Categories

Critical Vulnerabilities

  1. Reentrancy - See security-audit/checklists/common-vulnerabilities.md

    • Classic reentrancy (same function)
    • Cross-function reentrancy
    • Read-only reentrancy
  2. Access Control - See security-audit/checklists/access-control-checklist.md

    • Missing access modifiers
    • Incorrect authorization
    • Privilege escalation
  3. Integer Issues - See security-audit/checklists/common-vulnerabilities.md

    • Overflow/underflow (pre-0.8)
    • Division by zero
    • Precision loss
  4. Oracle Manipulation - See security-audit/checklists/defi-checklist.md

    • Flash loan attacks
    • Price manipulation
    • Stale price data

High Severity

  1. Unchecked External Calls
  2. Delegatecall Injection
  3. Signature Replay
  4. Front-Running
  5. Denial of Service

Medium Severity

  1. Timestamp Dependence
  2. Tx.origin Authentication
  3. Floating Pragma
  4. Uninitialized Storage

Quick Vulnerability Reference

Reentrancy

solidity
// ❌ Vulnerable
function withdraw() public {
    uint amount = balances[msg.sender];
    (bool success, ) = msg.sender.call{value: amount}("");
    balances[msg.sender] = 0;  // Too late!
}

// ✅ Secure
function withdraw() public nonReentrant {
    uint amount = balances[msg.sender];
    balances[msg.sender] = 0;  // Update first
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
}

Access Control

solidity
// ❌ Missing modifier
function mint(address to, uint amount) public {
    _mint(to, amount);
}

// ✅ Protected
function mint(address to, uint amount) public onlyOwner {
    _mint(to, amount);
}

Integer Overflow

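solidity
// ❌ Pre-0.8 vulnerable (file compiled with 0.7.6)
pragma solidity 0.7.6;
contract Legacy {
    function bump() public pure returns (uint256 balance) {
        balance = type(uint256).max;
        balance += 1;  // Overflows silently
    }
}

// ✅ Solidity 0.8+ safe (separate file compiled with 0.8.30)
pragma solidity 0.8.30;
contract Modern {
    function bump() public pure returns (uint256 balance) {
        balance = type(uint256).max;
        balance += 1;  // Reverts
    }
}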
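
The 0.8+ revert shown above applies only to checked arithmetic. The following contract is an added example, not part of the original skill, with hypothetical contract, function and error names. It shows the two places where a value still wraps or truncates silently under 0.8.30, `unchecked` blocks and explicit narrowing casts, beside a bounds-checked cast.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;

/// Added illustration; all names here are hypothetical.
contract OverflowCaveats {
    error ValueTooLarge(uint256 value);

    /// Default 0.8+ arithmetic: the call reverts with Panic(0x11)
    /// when a + b does not fit in uint256.
    function checkedAdd(uint256 a, uint256 b) external pure returns (uint256) {
        return a + b;
    }

    /// Inside `unchecked` the pre-0.8 behaviour returns: the sum wraps
    /// modulo 2**256 and no revert occurs. Review every `unchecked`
    /// block for an invariant that makes the wrap impossible.
    function uncheckedAdd(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            return a + b;
        }
    }

    /// Explicit narrowing casts are not overflow-checked in any compiler
    /// version: bits above the target width are dropped without a revert.
    function truncatingCast(uint256 value) external pure returns (uint128) {
        return uint128(value);
    }

    /// Hardened form: check the bound first, then narrow.
    function safeCast(uint256 value) external pure returns (uint128) {
        if (value > type(uint128).max) revert ValueTooLarge(value);
        return uint128(value);
    }
}
```

When reviewing 0.8+ code, search for `unchecked` and for casts to smaller integer types; those are the remaining places where the overflow class from the pre-0.8 snippet can appear.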

Testing for Vulnerabilities

Reentrancy Test

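solidity
contract Attacker {
    Target public target;

    // The original snippet never set `target`; pass in the contract under test
    constructor(Target _target) {
        target = _target;
    }

    function attack() external payable {
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    // Runs when the target sends ETH back and tries to re-enter withdraw()
    receive() external payable {
        if (address(target).balance > 0) {
            target.withdraw();
        }
    }
}

// Belongs in the Foundry test contract; `attacker` is an Attacker
// deployed against the target in setUp()
function test_ReentrancyAttack() public {
    vm.expectRevert();  // Should revert
    attacker.attack{value: 1 ether}();
}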

Access Control Test

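solidity
function test_RevertWhen_UnauthorizedMint() public {
    vm.prank(attacker);
    // Revert string used by OpenZeppelin Ownable 4.x; 5.x reverts with the
    // custom error OwnableUnauthorizedAccount(address) instead
    vm.expectRevert("Ownable: caller is not the owner");
    token.mint(attacker, 1000);
}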

Resources

Detailed Vulnerability Information:

Related Skills:

  • security-audit/checklists/common-vulnerabilities.md - Complete vulnerability checklist
  • security-audit/checklists/defi-checklist.md - DeFi-specific vulnerabilities
  • security-audit/checklists/upgrade-checklist.md - Upgrade-related issues

Note: This is a reference skill. For comprehensive security auditing, use the security-audit skill which contains detailed checklists and methodologies.