Discussion Summary.
- We present an up-to-date survey of smart contract security issues and their mitigations. We achieve this by combining the top research on smart contract security with cutting-edge open-source knowledge and information.
- We find that almost all of the most common attacks could be avoided or at least severely mitigated by following better coding practices. This includes general principles as well as specific design patterns against given attack types.
- The most common smart contract attack types are explained on a technical level and suggested mitigations against each one are given.
Tags.
Smart contract, Blockchain, Utility, and Network-security.
Points of Disagreements.
- Although I didn’t talk much about mitigating damages after an attack.
To view the full post: Research Summary: Attacks on Smart Contracts - #3 by ode
Unresolved question.
- Is it worth it to target and attack smart contracts? Because I feel it’s a waste of time and tools
View the full post here: Research Summary: Attacks on Smart Contracts - #13 by Never_in_trenches
Points of consensus.
Ambiguity
- I agree with you on the ambiguity of frontrunning, because, as you point out, arbitrage is required for a well-functioning financial system.
View the full post here: Research Summary: Attacks on Smart Contracts - #9 by windr
Offered Solutions
Building secure administrated contracts
- deferred maintenance
- board of trustees
- safe pausing
To view the full post: Research Summary: Attacks on Smart Contracts - #2 by Twan
- They are all also essentially design patterns, which help to mitigate a specific problem
View full post: Research Summary: Attacks on Smart Contracts - #2 by Twan
- I’m having trouble reconciling these two ideas: security company auditing and better coding techniques.
View full post: Research Summary: Attacks on Smart Contracts - #4 by Ulysses
Identification of Consequences.
- The programming language is very nascent, notwithstanding the number of dapps built with it. Every day, developers are still figuring out different parameters for smart contract applications. While that happens, hackers also keep up with the updates and look for loopholes they can exploit.
View the full post here: Research Summary: Attacks on Smart Contracts - #15 by Harvesto
- Because the Solidity Language performs functions differently/uniquely from traditional programming languages, it is prone to bugs/vulnerabilities. As a result of this distinction, there is a schism between how programmers interpret/iterate the language and how the language executes instructions.
View full post here: Research Summary: Attacks on Smart Contracts - #17 by Harvesto
Questions.
- Do you think some future types of attacks can be predicted/prevented by utilizing lessons learned from traditional finance?
View full post here: Research Summary: Attacks on Smart Contracts - #5 by windr
- In what brackets (better coding practices, automated tools, and technology changes) would you consider these practices to fall?
View the full post here: Research Summary: Attacks on Smart Contracts - #2 by Twan
- Just wanted to enquire if there could be a detection tool for smart contract vulnerabilities that can help detect reentrancy vulnerabilities.
View the full conversation here: Research Summary: Attacks on Smart Contracts - #12 by Henry
- Is this because of the Solidity language itself or how people are using it? That seems to be an important distinction.
View the full post here: Research Summary: Attacks on Smart Contracts - #16 by zube.paul
Unexplored territory in the discussion.
- Is it worth it to target and attack smart contracts? Because I feel it’s a waste of time and tools.
View the full post here: Research Summary: Attacks on Smart Contracts - #13 by Never_in_trenches
Key resources.