SonyaMoisset/awesome-blockchain-security

Awesome Blockchain Security

Companies

Articles

Crypto Hacks

Rekt Leaderboard

  • Poly Network
  • BitMart
  • Compound
  • Vulcan Forged
  • Cream Finance
  • Badger
  • Ascendex
  • EasyFi
  • Uranium Finance
  • bZx
  • PancakeBunny
  • Kucoin
  • Alpha Finance
  • Vee Finance
  • Meerkat Finance
  • MonoX
  • Spartan Protocol
  • StableMagnet
  • Paid Network
  • Harvest Finance
  • XToken
  • Popsicle Finance
  • Pickle Finance
  • Cream Finance
  • Snowdog
  • bEarn
  • Indexed Finance
  • Eminence
  • Furucombo
  • Compounder Finance
  • Value DeFi
  • Yearn
  • Rari Capital
  • Value DeFi
  • Cover
  • Punk Protocol
  • THORChain
  • Hack Epidemic
  • Anyswap
  • Warp Finance
  • BurgerSwap
  • Value DeFi
  • Alchemix
  • Belt
  • Bondly
  • Roll
  • THORChain
  • X-Token
  • Eleven Finance
  • ChainSwap
  • DAO Maker
  • JayPegs Automart
  • PancakeBunny
  • DODO
  • Akropolis
  • 8ight Finance
  • Levyathan
  • The Big Combo
  • Autoshark
  • Merlin Labs
  • Merlin Labs
  • Merlin Labs
  • Saddle Finance
  • SafeDollar

Organisations

Cloud Security Alliance

Blockchain DLT Attacks and Weaknesses Enumeration

  • Account Hijacking
  • API Exposure
  • Artificial Difficulty Increases
  • Balance Attack
  • Bitcoin lightning - Eclipse Attack Time Dilation
  • Bitcoin Lightning - Flood and Loot
  • Bitcoin Lightning - Pinning
  • Bitcoin Lightning - Spamming Payment Micropayments
  • Block Forger DoS
  • Block Mining Finney Attack
  • Block Mining Race Attack
  • Block Mining Timejack Attack
  • Block reordering Attack
  • Blockchain Ingestion
  • Blockchain network Lacks Hash Capacity
  • Blockchain Network Partitioning Attack
  • Blockchain Peer Flooding Attack
  • Blockchain Peer Flooding Attack Slowloris Variant
  • Blockchain Reorganization Attack
  • Blockchain Weak Sources of Randomness
  • Consensus 34% Attack
  • Consensus 51% Attack
  • Consensus Attack
  • Consensus Attack Against PoS
  • Consensus Attack Against PoW
  • Consensus Delay Attack
  • Consensus Majority Attack
  • Credential Stuffing
  • Cryptomining
  • Cryptomining Malware
  • Data Corruption
  • Dictionary Attack
  • Distributed-Denial-of-Service Attack
  • DNS Attacks
  • DoS against Ethereum 2.0 validator to trigger penalty for being offline
  • Double Spending Attack
  • Download of Data Without Integrity Check
  • Dusting Attack
  • Eclipse Attack
  • EOS RAM Vulnerability
  • ERC20 Token Transfer to Self Token Address (and possibly other tokens)
  • Ethereum Solidity Prior to 0.5.0 View Promise Not Enforced
  • Evil Maid Attack
  • Failure to Update
  • Fixed Consensus Termination
  • Flash Loans
  • Flawed Blockchain Network Design
  • Fork-after-withhold Attack
  • Freeloading
  • Front Running
  • Front Running Displacement
  • Front Running Insertion
  • Front Running Mempool
  • Front Running Oracle
  • Front Running Suppression
  • Frozen ether
  • Gas Limit DoS on the Blockchain Network via Block Stuffing
  • Hard Fork Software Update
  • Hash Functions
  • Homomorphic Encryption
  • Identity and Access Management Overview
  • Immutable Bugs
  • Implementation of Something They Should Use a Standard Library For
  • Indistinguishable Chains
  • Insecure API Connections
  • Insider Threat
  • Leaking Ether to Arbitrary Address
  • Long-Range Attack
  • Lost Ether in The Transaction
  • Majority Attack
  • Malfunctioned MSP
  • Malicious Mining
  • Malicious Web Extensions
  • Membership Service Provider Attacks
  • Mirroring
  • Multi-Factor Authentication (MFA)
  • Multiple Signatures
  • Namespace Squatting on Internal Packages
  • Network Routing Attacks
  • Non-existent Accounts
  • Nothing at Stake
  • On-Chain Data Confidentiality
  • Orphan Blocks
  • Parity Multisig Wallet Attack
  • Permissioned Blockchain MSP DoS
  • Phishing Attack
  • Pool Hopping
  • Private Key Leakage Attack
  • Public Peer Selection
  • Replay Attack
  • Requirements of Keeping Real World PII Data Associated With Crypto Wallet Addresses
  • Ring Signatures
  • RPC Call Vulnerability
  • Selfish Mining Attack (Block Withholding Attack)
  • SIM Swap
  • Single perspective Validation
  • Smart Contract Use of Outdated Compiler Version
  • Smart Contract Access Control - Smart Contract Initialization
  • Smart Contract Arbitrary Jump With Function type Variable
  • Smart Contract Assert Violation
  • Smart Contract Authorization through tx.origin
  • Smart Contract Block values as a proxy for time
  • Smart Contract Call Depth Attack
  • Smart Contract Call to Unknown Function via fallback()
  • Smart Contract Code With No Effects
  • Smart Contract Cross-Function Race Condition
  • Smart Contract Default Fallback Address Attack
  • Smart Contract Delegate Call Injection
  • Smart Contract Delegate Call to Untrusted Callee
  • Smart Contract Disordered Exceptions
  • Smart Contract DoS
  • Smart Contract DoS with Block Gas Limit
  • Smart Contract DoS with Failed Call
  • Smart Contract DoS with Unbounded Operations
  • Smart Contract DoS With Unexpected Revert
  • Smart Contract Erroneous Constructor Name
  • Smart Contract Erroneous Visibility
  • Smart Contract Ether Lost in Transfer
  • Smart Contract Ether Lost to Orphan Addresses
  • Smart Contract Ethereum Gasless Send
  • Smart Contract Floating Pragma
  • Smart Contract Forcibly Sending Ether to a Contract
  • Smart Contract has undocumented "onlyOwner" termination function or other capability
  • Smart Contract Hash Collisions with Multiple Variable Length Arguments
  • Smart Contract Immutable Bugs
  • Smart Contract Incorrect Constructor Name
  • Smart Contract Incorrect ERC20 Implementation
  • Smart Contract Incorrect Function State Mutability
  • Smart Contract Incorrect Inheritance Order
  • Smart Contract Insufficient Gas Griefing
  • Smart Contract Integer Overflow and Underflow
  • Smart Contract Keeping Secrets
  • Smart Contract Lack of Address Key Binding
  • Smart Contract Lack of Proper Signature Verification
  • Smart Contract Manipulation Balance
  • Smart Contract Message Call with Hardcoded Gas Amount
  • Smart Contract Mishandled Exceptions
  • Smart Contract Missing Protection Against Signature Replay Attacks
  • Smart Contract Presence of Unused Variables
  • Smart Contract Race Conditions
  • Smart Contract Reentrancy Race Condition
  • Smart Contract Requirement Violation
  • Smart Contract Right-To-Left-Override Control Character (U+202E)
  • Smart Contract Shadowing State Variables
  • Smart Contract Short Address Attack
  • Smart Contract Signature Malleability
  • Smart Contract Source Code Unavailable for review
  • Smart Contract Stack Size Limit
  • Smart Contract State Variable Default Visibility
  • Smart Contract Time Related Issues
  • Smart Contract Timestamp Dependency
  • Smart Contract Transaction Order Dependence
  • Smart Contract Transaction Ordering Dependency (TOD)
  • Smart Contract Typecasts
  • Smart Contract Typographical Error
  • Smart Contract Unchecked Call Return Value
  • Smart Contract Unchecked Return Values
  • Smart Contract Underpriced Opcodes
  • Smart Contract Unencrypted Private Data On-Chain
  • Smart Contract Unexpected Call Return Value
  • Smart Contract Unexpected Ether Balance
  • Smart Contract Uninitialised Storage Pointer
  • Smart Contract Unpredictable State
  • Smart Contract Unprotected Ether Withdrawal
  • Smart Contract Unprotected SELFDESTRUCT Instruction
  • Smart Contract Unprotected Suicide
  • Smart Contract Upgradeable Contract
  • Smart Contract Usage of "continue" in "do-while"
  • Smart Contract Use of Deprecated Solidity Functions
  • Smart Contract Weak Field Modifier
  • Smart Contract Weak Sources of Randomness from Chain Attributes
  • Smart Contract Write to Arbitrary Storage Location
  • Smart Contract Function Default Visibility
  • Soft Forks
  • Sole Block Synchronisation
  • Stealth Addresses
  • Sybil Attacks
  • Time Manipulation
  • Timebomb
  • Timejacking
  • Transaction Flooding
  • Transaction Malleability
  • Two-Factor Authentication (2FA)
  • Two-Factor Authentication (2FA) via Biometrics
  • Two-Factor Authentication (2FA) via Email
  • Two-Factor Authentication (2FA) via SMS
  • Typosquatting on Spellcheck Names
  • Uncle Block Rewards
  • Uncle Forks
  • Unlimited Incoming Connections
  • Vector76
  • Voice Assistant Attack
  • Vote Token Trapping
  • Vulnerabilities in Virtual Machines (EVM, JVM)
  • Vulnerability to Malware
  • Vulnerable Signature
  • Wallet Theft
  • Wallet Weak Seed Creation
  • Zero Balance Accounts
  • Failure to Remove Developer or Test Credentials or Addresses from a Smart Contract
  • XSS in Wallets and Smart Contract Interfaces via Company Names/etc

Notable Blockchain Security Issues

  • Exchange Hacks
  • DeFi Hack
  • 51% Attack
  • Phishing
  • Rugpull/Exitscam
  • Ransomware
  • SIM Swap
  • Investment Scam
  • High-Profile Doubler Scam
  • Extortion

Wallet Security

  • Fake Software Wallets
  • Fake Hardware Wallets

SWC Registry - Smart Contract Weakness Classification and Test Cases

Registry