Yogesh Kulkarni

Yogesh is a senior software engineer with 10+ years of experience in software design, coding, testing and product development, and software development knowledge in embedded systems and IoT. He focuses on the complete software development cycle, including design, coding, testing, continuous integration/delivery, and DevOps.

Smart Contract Randomness or ReplicatedLogic Attack

In this tutorial, the randomness attack, also called the replicated logic attack, is analyzed. The problem in Solidity contracts is finding a true source of randomness. We will see why a random number generated from on-chain data cannot be trusted. The tutorial starts with exploiting the randomness vulnerability, followed by the possible solutions. Let


DelegateCall or Storage Collision Attack on Smart Contracts

The DelegateCall attack, or storage collision, is explained in this post. Before you can grasp this exploit, you must first understand how Solidity saves state variables as explained here. We start with the differences between call and delegatecall in Solidity, followed by exploiting the delegatecall vulnerability using proxy contracts (mostly in smart


Private Variable Exploit – Hacking Smart Contracts in Solidity

In part 2 of this series, we’ll examine how to exploit the “private” vulnerability in Solidity. As the name suggests, private means not accessible to anyone outside. Can we expect the same in Solidity smart contracts? Is any variable declared as “private” in Solidity inaccessible from the outside world? If the
