Smart contract shadowing state variables vulnerability
Get Secure World » Solidity
by Z. Oualid
1y ago
The only things that truly do not change in a smart contract, even with proxy concepts, are state variables. However, not using them carefully in a smart contract could lead to some serious vulnerabilities. One of those vulnerabilities is called state variable shadowing. So what is the smart contract shadowing state variables vulnerability? The smart contract shadowing state variables vulnerability happens when the same variable is declared in two places in the contract. This behavior results in the alteration of important data, which could have a dangerous impact on the business logic. This vulnerab…
How to fix a smart contract? | All you need
Get Secure World » Solidity
by Z. Oualid
1y ago
Auditing a smart contract is a great thing. However, finding vulnerabilities without fixing them is useless. Unfortunately, smart contracts are immutable by design, which means that once the smart contract is deployed, it cannot be changed. So how do you fix a smart contract? To fix a vulnerable smart contract you should follow these steps:
1. Prepare your contract
2. Deploy your contract
3. Deploy the proxy
4. Connect your proxy to that contract
5. Deploy the new version
6. Connect the proxy to the new contract
7. Repeat 5 and 6 for every upgrade
Proxies are only one of the possible techniques to…
Smart contract gas griefing attack | The hidden danger
Get Secure World » Solidity
by Z. Oualid
1y ago
To be able to perform its different tasks and execute the operations in its source code, a smart contract requires a certain amount of gas. This gas is paid by the user who tries to execute the smart contract using a transaction. However, when the user does not send enough gas for the operation, bad things could happen to the smart contract if it does not manage this correctly. So what is a smart contract gas griefing attack? A gas griefing attack happens when a user sends the amount of gas required to execute the target smart contract, but not its sub calls. In most cases, this results…
Transaction order dependence attack in smart contract
Get Secure World » Solidity
by Z. Oualid
1y ago
The transaction life cycle in most Blockchain technologies is mainly controlled by miners, even the order of the transactions. Therefore, when two users execute two different transactions at the same or nearly the same time, only their gas fees decide which will be executed first. This concept creates a vulnerability in smart contracts. So what is a transaction order dependence attack in a smart contract? The transaction order dependence attack in a smart contract, also called the Front Running attack, happens when a smart contract requires that two transactions should be submitted and executed in th…
What is a reentrancy attack in Solidity? | Technical examples
Get Secure World » Solidity
by Z. Oualid
1y ago
On June 17, 2016, the most famous DAO platform, developed in the Solidity language, fell victim to a big hack that made it lose more than 3.6 million Ether. The attacker exploited a vulnerability called reentrancy in the smart contract that managed the platform. So what is a reentrancy attack in Solidity? The reentrancy vulnerability happens when a smart contract tends to interact with another address before reacting to its variables. Therefore, the attacker continuously calls the same function and drains money from it without allowing the smart contract to react to its variables. In this blog pos…
What is timestamp dependence vulnerability?
Get Secure World » Solidity
by Z. Oualid
1y ago
During the development of a smart contract, programmers may need to know the exact time to be able to execute some actions. Therefore, smart contract developers use what we call a timestamp, offered by the node executing the smart contract. However, this may create multiple vulnerabilities that can cause a huge financial loss. So what is the timestamp dependence vulnerability? The timestamp dependence vulnerability happens when the smart contract relies on the value of the block timestamp to execute an operation. The value of the timestamp is generated by the node executing the smart co…
What is honeypot in smart contract?
Get Secure World » Solidity
by Z. Oualid
1y ago
Honeypot programs are one of the best tools that security researchers have ever made to study the new or unknown hacking techniques used by attackers. Therefore, using honeypots in smart contracts could be a very good idea to study those attacks. So what is a honeypot in a smart contract? A honeypot in the Blockchain industry is an intentionally vulnerable smart contract that was made to push attackers to exploit its vulnerability. The idea is to convince attackers or even simple users to send a small portion of cryptocurrency to the contract to exploit it, then lock those ethers in the contract.…
