Computer Science

Smart Contract Randomness or Replicated Logic Attack

In this tutorial, the randomness attack, also called the replicated logic attack, is analyzed. The problem in Solidity contracts is finding a true source of randomness. We will see why a random number generated from on-chain data cannot be trusted. The tutorial starts with exploiting the randomness vulnerability, followed by the possible solutions. Let …


DelegateCall or Storage Collision Attack on Smart Contracts

The DelegateCall attack, or storage collision, is explained in this post. Before you can grasp this exploit, you must first understand how Solidity saves state variables, as explained here. We start with the differences between call and delegatecall in Solidity, followed by exploiting the delegatecall vulnerability using proxy contracts (mostly in smart …


tx.origin Phishing Attack — Smart Contract Security

In this post, we discuss phishing attacks due to tx.origin. In regular website phishing, the attack begins with a phony email or another kind of communication intended to entice a victim. In this case, the communication appears as if it came from a reputable sender. Similarly, the case of smart contracts which …
