Source from repo
Solidity Security

Audit Solidity smart contracts for reentrancy, integer overflow, access control, and oracle manipulation.
wshobsonGitHub wshobsonSource repo Original GitHub link Publisher page
Files
Skill
n/a
Size
12.9 KB
Entrypoint
SKILL.md
Format
git-repo
Open file
references/details.md

Syntax-highlighted preview of this file as included in the skill package.
Rendered Source
markdown390 linesFree
references/details.md
1# solidity-security — detailed patterns and worked examples
2 
3## Critical Vulnerabilities
4 
5### 1. Reentrancy
6 
7Attacker calls back into your contract before state is updated.
8 
9**Vulnerable Code:**
10 
11```solidity
12// VULNERABLE TO REENTRANCY
13contract VulnerableBank {
14    mapping(address => uint256) public balances;
15 
16    function withdraw() public {
17        uint256 amount = balances[msg.sender];
18 
19        // DANGER: External call before state update
20        (bool success, ) = msg.sender.call{value: amount}("");
21        require(success);
22 
23        balances[msg.sender] = 0;  // Too late!
24    }
25}
26```
27 
28**Secure Pattern (Checks-Effects-Interactions):**
29 
30```solidity
31contract SecureBank {
32    mapping(address => uint256) public balances;
33 
34    function withdraw() public {
35        uint256 amount = balances[msg.sender];
36        require(amount > 0, "Insufficient balance");
37 
38        // EFFECTS: Update state BEFORE external call
39        balances[msg.sender] = 0;
40 
41        // INTERACTIONS: External call last
42        (bool success, ) = msg.sender.call{value: amount}("");
43        require(success, "Transfer failed");
44    }
45}
46```
47 
48**Alternative: ReentrancyGuard**
49 
50```solidity
51import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
52 
53contract SecureBank is ReentrancyGuard {
54    mapping(address => uint256) public balances;
55 
56    function withdraw() public nonReentrant {
57        uint256 amount = balances[msg.sender];
58        require(amount > 0, "Insufficient balance");
59 
60        balances[msg.sender] = 0;
61 
62        (bool success, ) = msg.sender.call{value: amount}("");
63        require(success, "Transfer failed");
64    }
65}
66```
67 
68### 2. Integer Overflow/Underflow
69 
70**Vulnerable Code (Solidity < 0.8.0):**
71 
72```solidity
73// VULNERABLE
74contract VulnerableToken {
75    mapping(address => uint256) public balances;
76 
77    function transfer(address to, uint256 amount) public {
78        // No overflow check - can wrap around
79        balances[msg.sender] -= amount;  // Can underflow!
80        balances[to] += amount;          // Can overflow!
81    }
82}
83```
84 
85**Secure Pattern (Solidity >= 0.8.0):**
86 
87```solidity
88// Solidity 0.8+ has built-in overflow/underflow checks
89contract SecureToken {
90    mapping(address => uint256) public balances;
91 
92    function transfer(address to, uint256 amount) public {
93        // Automatically reverts on overflow/underflow
94        balances[msg.sender] -= amount;
95        balances[to] += amount;
96    }
97}
98```
99 
100**For Solidity < 0.8.0, use SafeMath:**
101 
102```solidity
103import "@openzeppelin/contracts/utils/math/SafeMath.sol";
104 
105contract SecureToken {
106    using SafeMath for uint256;
107    mapping(address => uint256) public balances;
108 
109    function transfer(address to, uint256 amount) public {
110        balances[msg.sender] = balances[msg.sender].sub(amount);
111        balances[to] = balances[to].add(amount);
112    }
113}
114```
115 
116### 3. Access Control
117 
118**Vulnerable Code:**
119 
120```solidity
121// VULNERABLE: Anyone can call critical functions
122contract VulnerableContract {
123    address public owner;
124 
125    function withdraw(uint256 amount) public {
126        // No access control!
127        payable(msg.sender).transfer(amount);
128    }
129}
130```
131 
132**Secure Pattern:**
133 
134```solidity
135import "@openzeppelin/contracts/access/Ownable.sol";
136 
137contract SecureContract is Ownable {
138    function withdraw(uint256 amount) public onlyOwner {
139        payable(owner()).transfer(amount);
140    }
141}
142 
143// Or implement custom role-based access
144contract RoleBasedContract {
145    mapping(address => bool) public admins;
146 
147    modifier onlyAdmin() {
148        require(admins[msg.sender], "Not an admin");
149        _;
150    }
151 
152    function criticalFunction() public onlyAdmin {
153        // Protected function
154    }
155}
156```
157 
158### 4. Front-Running
159 
160**Vulnerable:**
161 
162```solidity
163// VULNERABLE TO FRONT-RUNNING
164contract VulnerableDEX {
165    function swap(uint256 amount, uint256 minOutput) public {
166        // Attacker sees this in mempool and front-runs
167        uint256 output = calculateOutput(amount);
168        require(output >= minOutput, "Slippage too high");
169        // Perform swap
170    }
171}
172```
173 
174**Mitigation:**
175 
176```solidity
177contract SecureDEX {
178    mapping(bytes32 => bool) public usedCommitments;
179 
180    // Step 1: Commit to trade
181    function commitTrade(bytes32 commitment) public {
182        usedCommitments[commitment] = true;
183    }
184 
185    // Step 2: Reveal trade (next block)
186    function revealTrade(
187        uint256 amount,
188        uint256 minOutput,
189        bytes32 secret
190    ) public {
191        bytes32 commitment = keccak256(abi.encodePacked(
192            msg.sender, amount, minOutput, secret
193        ));
194        require(usedCommitments[commitment], "Invalid commitment");
195        // Perform swap
196    }
197}
198```
199 
200## Security Best Practices
201 
202### Checks-Effects-Interactions Pattern
203 
204```solidity
205contract SecurePattern {
206    mapping(address => uint256) public balances;
207 
208    function withdraw(uint256 amount) public {
209        // 1. CHECKS: Validate conditions
210        require(amount <= balances[msg.sender], "Insufficient balance");
211        require(amount > 0, "Amount must be positive");
212 
213        // 2. EFFECTS: Update state
214        balances[msg.sender] -= amount;
215 
216        // 3. INTERACTIONS: External calls last
217        (bool success, ) = msg.sender.call{value: amount}("");
218        require(success, "Transfer failed");
219    }
220}
221```
222 
223### Pull Over Push Pattern
224 
225```solidity
226// Prefer this (pull)
227contract SecurePayment {
228    mapping(address => uint256) public pendingWithdrawals;
229 
230    function recordPayment(address recipient, uint256 amount) internal {
231        pendingWithdrawals[recipient] += amount;
232    }
233 
234    function withdraw() public {
235        uint256 amount = pendingWithdrawals[msg.sender];
236        require(amount > 0, "Nothing to withdraw");
237 
238        pendingWithdrawals[msg.sender] = 0;
239        payable(msg.sender).transfer(amount);
240    }
241}
242 
243// Over this (push)
244contract RiskyPayment {
245    function distributePayments(address[] memory recipients, uint256[] memory amounts) public {
246        for (uint i = 0; i < recipients.length; i++) {
247            // If any transfer fails, entire batch fails
248            payable(recipients[i]).transfer(amounts[i]);
249        }
250    }
251}
252```
253 
254### Input Validation
255 
256```solidity
257contract SecureContract {
258    function transfer(address to, uint256 amount) public {
259        // Validate inputs
260        require(to != address(0), "Invalid recipient");
261        require(to != address(this), "Cannot send to contract");
262        require(amount > 0, "Amount must be positive");
263        require(amount <= balances[msg.sender], "Insufficient balance");
264 
265        // Proceed with transfer
266        balances[msg.sender] -= amount;
267        balances[to] += amount;
268    }
269}
270```
271 
272### Emergency Stop (Circuit Breaker)
273 
274```solidity
275import "@openzeppelin/contracts/security/Pausable.sol";
276 
277contract EmergencyStop is Pausable, Ownable {
278    function criticalFunction() public whenNotPaused {
279        // Function logic
280    }
281 
282    function emergencyStop() public onlyOwner {
283        _pause();
284    }
285 
286    function resume() public onlyOwner {
287        _unpause();
288    }
289}
290```
291 
292## Gas Optimization
293 
294### Use `uint256` Instead of Smaller Types
295 
296```solidity
297// More gas efficient
298contract GasEfficient {
299    uint256 public value;  // Optimal
300 
301    function set(uint256 _value) public {
302        value = _value;
303    }
304}
305 
306// Less efficient
307contract GasInefficient {
308    uint8 public value;  // Still uses 256-bit slot
309 
310    function set(uint8 _value) public {
311        value = _value;  // Extra gas for type conversion
312    }
313}
314```
315 
316### Pack Storage Variables
317 
318```solidity
319// Gas efficient (3 variables in 1 slot)
320contract PackedStorage {
321    uint128 public a;  // Slot 0
322    uint64 public b;   // Slot 0
323    uint64 public c;   // Slot 0
324    uint256 public d;  // Slot 1
325}
326 
327// Gas inefficient (each variable in separate slot)
328contract UnpackedStorage {
329    uint256 public a;  // Slot 0
330    uint256 public b;  // Slot 1
331    uint256 public c;  // Slot 2
332    uint256 public d;  // Slot 3
333}
334```
335 
336### Use `calldata` Instead of `memory` for Function Arguments
337 
338```solidity
339contract GasOptimized {
340    // More gas efficient
341    function processData(uint256[] calldata data) public pure returns (uint256) {
342        return data[0];
343    }
344 
345    // Less efficient
346    function processDataMemory(uint256[] memory data) public pure returns (uint256) {
347        return data[0];
348    }
349}
350```
351 
352### Use Events for Data Storage (When Appropriate)
353 
354```solidity
355contract EventStorage {
356    // Emitting events is cheaper than storage
357    event DataStored(address indexed user, uint256 indexed id, bytes data);
358 
359    function storeData(uint256 id, bytes calldata data) public {
360        emit DataStored(msg.sender, id, data);
361        // Don't store in contract storage unless needed
362    }
363}
364```
365 
366## Common Vulnerabilities Checklist
367 
368```solidity
369// Security Checklist Contract
370contract SecurityChecklist {
371    /**
372     * [ ] Reentrancy protection (ReentrancyGuard or CEI pattern)
373     * [ ] Integer overflow/underflow (Solidity 0.8+ or SafeMath)
374     * [ ] Access control (Ownable, roles, modifiers)
375     * [ ] Input validation (require statements)
376     * [ ] Front-running mitigation (commit-reveal if applicable)
377     * [ ] Gas optimization (packed storage, calldata)
378     * [ ] Emergency stop mechanism (Pausable)
379     * [ ] Pull over push pattern for payments
380     * [ ] No delegatecall to untrusted contracts
381     * [ ] No tx.origin for authentication (use msg.sender)
382     * [ ] Proper event emission
383     * [ ] External calls at end of function
384     * [ ] Check return values of external calls
385     * [ ] No hardcoded addresses
386     * [ ] Upgrade mechanism (if proxy pattern)
387     */
388}
389```
390
Preparing the source view

Solidity Security

references/details.md
