Solidity by Example
Hacks
| Question | Answer |
|---|---|
| How does a reentrancy exploit work? | A reentrancy exploit allows an external malicious contract (B) to call back into the calling contract (A) before the first invocation of the function has finished. |
| What preventive techniques can be used to protect against reentrancy attacks? | Preventative techniques against reentrancy attacks include ensuring that all state changes happen before calling external contracts, and using function modifiers that prevent re-entrancy. |
| How can SafeMath help to prevent arithmetic overflow and underflow in Solidity 0.8? | SafeMath is a library for Solidity that helps to prevent arithmetic overflow and underflow. When used with Solidity 0.8, it will throw an error if an overflow or underflow is detected, thus helping to prevent these types of errors. |
| Preventative measures against arithmetic overflow/underflow | Use SafeMath to prevent arithmetic overflow and underflow. Solidity 0.8 defaults to throwing an error for overflow/underflow. |
| How can a contract be deleted from the blockchain? | Contracts can be deleted from the blockchain by calling the selfdestruct function. |
| What happens to the remaining Ether stored in the contract when selfdestruct is called? | When selfdestruct is called, all remaining Ether stored in the contract is sent to a designated address. |
| Preventative technique against the self destruct vulnerability | Don't rely on address(this).balance. |
| How can a malicious contract use selfdestruct? | A malicious contract can use selfdestruct to force-send Ether to any contract. |
| Can all data on a smart contract be read? | Yes, all data on a smart contract can be read. |
| Preventative technique against the accessing-private-data vulnerability | Don't store sensitive information on the blockchain. |
| What are the 2 things to keep in mind when using delegatecall? | 1. delegatecall preserves context (storage, caller, etc.). 2. The storage layout must be the same for the contract calling delegatecall and the contract being called. |
| What are the risks of using delegatecall? | delegatecall is tricky to use, and wrong usage or an incorrect understanding can lead to devastating results. |
| Preventative technique against the delegatecall vulnerability | Use a stateless library. |
| Are blockhash and block.timestamp reliable sources for randomness? | No, blockhash and block.timestamp are not reliable sources for randomness. |