Vulnerability Patterns Skill
Reference skill for common Solidity vulnerability patterns. This skill references detailed checklists in the security-audit skill.
When to Use
Use this skill when:
- Learning about common vulnerabilities
- Reviewing code for security issues
- Understanding exploit techniques
- Preventing known vulnerabilities
Related Skills
For comprehensive security auditing, see:
- security-audit: Complete audit methodology and checklists
- testing-patterns: Security testing approaches
- contract-patterns: Secure implementation patterns
Common Vulnerability Categories
Critical Vulnerabilities
- Reentrancy - See security-audit/checklists/common-vulnerabilities.md
  - Classic reentrancy (same function)
  - Cross-function reentrancy
  - Read-only reentrancy
- Access Control - See security-audit/checklists/access-control-checklist.md
  - Missing access modifiers
  - Incorrect authorization
  - Privilege escalation
- Integer Issues - See security-audit/checklists/common-vulnerabilities.md
  - Overflow/underflow (pre-0.8)
  - Division by zero
  - Precision loss
- Oracle Manipulation - See security-audit/checklists/defi-checklist.md
  - Flash loan attacks
  - Price manipulation
  - Stale price data
High Severity
- Unchecked External Calls
- Delegatecall Injection
- Signature Replay
- Front-Running
- Denial of Service
Medium Severity
- Timestamp Dependence
- Tx.origin Authentication
- Floating Pragma
- Uninitialized Storage
Quick Vulnerability Reference
Reentrancy
```solidity
// ❌ Vulnerable
function withdraw() public {
    uint amount = balances[msg.sender];
    (bool success, ) = msg.sender.call{value: amount}("");
    balances[msg.sender] = 0; // Too late!
}

// ✅ Secure
function withdraw() public nonReentrant {
    uint amount = balances[msg.sender];
    balances[msg.sender] = 0; // Update first
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
}
```
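Cross-function reentrancy, listed under Critical Vulnerabilities above, is the case a guard on `withdraw()` alone does not cover. The following is an added example, not part of the original skill or its checklists; the `Guard` contract and both vault contracts are constructed for illustration, with `Guard` standing in for a library lock such as OpenZeppelin's ReentrancyGuard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.30;

// Minimal shared reentrancy lock (constructed for this example).
abstract contract Guard {
    bool private locked;
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }
}

// ❌ withdraw() is guarded, but transfer() touches the same balances and is not.
contract VaultVulnerable is Guard {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }

    function transfer(address to, uint256 amount) external { // no guard
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "send failed");
        balances[msg.sender] = 0; // stale during the call: transfer() can still move it
    }
}

// ✅ Same lock on every function sharing the state, plus checks-effects-interactions.
contract VaultHardened is Guard {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }

    function transfer(address to, uint256 amount) external nonReentrant {
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0; // effect before interaction
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "send failed");
    }
}
```

When reviewing, list every function that reads or writes state touched before an external call and confirm each one either shares the lock or only runs after the state update.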
Access Control
```solidity
// ❌ Missing modifier
function mint(address to, uint amount) public {
    _mint(to, amount);
}

// ✅ Protected
function mint(address to, uint amount) public onlyOwner {
    _mint(to, amount);
}
```
Integer Overflow
```solidity
// ❌ Pre-0.8 vulnerable
pragma solidity 0.7.6;
uint256 balance = type(uint256).max;
balance += 1; // Overflows silently

// ✅ Solidity 0.8+ safe
pragma solidity 0.8.30;
uint256 balance = type(uint256).max;
balance += 1; // Reverts
```
Testing for Vulnerabilities
Reentrancy Test
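```solidity
contract Attacker {
    Target public target;

    // Point the test helper at the contract under test
    constructor(Target _target) {
        target = _target;
    }

    function attack() external payable {
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    // Re-enters withdraw() while the target still holds funds
    receive() external payable {
        if (address(target).balance > 0) {
            target.withdraw();
        }
    }
}

// In the Foundry test contract; `attacker` is an Attacker deployed against the target in setUp()
function test_ReentrancyAttack() public {
    vm.expectRevert(); // Should revert
    attacker.attack{value: 1 ether}();
}
```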
Access Control Test
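```solidity
function test_RevertWhen_UnauthorizedMint() public {
    vm.prank(attacker);
    // Revert string from OpenZeppelin Ownable 4.x; 5.x reverts with the
    // custom error OwnableUnauthorizedAccount(address) instead
    vm.expectRevert("Ownable: caller is not the owner");
    token.mint(attacker, 1000);
}
```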
Resources
Detailed Vulnerability Information:
- SWC Registry - Smart Contract Weakness Classification
- ConsenSys Best Practices
- Rekt News - DeFi exploit analysis
Related Skills:
- security-audit/checklists/common-vulnerabilities.md - Complete vulnerability checklist
- security-audit/checklists/defi-checklist.md - DeFi-specific vulnerabilities
- security-audit/checklists/upgrade-checklist.md - Upgrade-related issues
Note: This is a reference skill. For comprehensive security auditing, use the security-audit skill which contains detailed checklists and methodologies.