Detecting Common Vulns

Balance Extraction

Confidence: 100%

Detect whether the attackers can steal ETH / native tokens from the contract.

Example:

function buggy() public {
    payable(msg.sender).transfer(1 ether);
}

Token Extraction

Confidence: 100%

Detect whether the attackers can steal ERC20 / ERC721 tokens from the contract, determined by the positive earnings of the attackers. The earning is calculated by liquidating the token on related Uniswap V2 pairs.

Example:

function buggy() public {
    // the price of tokenAddr2 is higher than tokenAddr1
    SomeToken(tokenAddr1).transferFrom(msg.sender, address(this), 1000);
    SomeToken(tokenAddr2).transfer(msg.sender, 1000);
}

Uniswap Pair Issues

Confidence: Medium

Identify misuse of Uniswap pair that could lead to price manipulation attacks.

Example:

function buggy() public {
    burn(IUniswapPair(pairAddr), 1000000);
}

Arbitrary Selfdestruct

Confidence: 100%

Detect whether the contract can be selfdestructed by anyone.

Example:

function buggy() public {
    selfdestruct(msg.sender);
}

Integer Overflow / Underflow

Confidence: Low

Detect whether the contract add / multiply / subtract leading to overflow and underflow.

Example:

function buggy() public {
    return type(uint256).max * 2;
}

PreviousWriting Invariants

Last updated 6 months ago