Blockchain / Solidityprogramming~7 mins

Common vulnerability patterns in Blockchain / Solidity

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Knowing common vulnerability patterns helps keep blockchain programs safe. It stops bad actors from stealing or breaking things.

When writing smart contracts to protect user funds.

When reviewing blockchain code for security before deployment.

When learning how hackers might attack blockchain apps.

When fixing bugs that could cause loss of tokens.

When designing new blockchain features that handle money.

Syntax

Blockchain / Solidity

No single syntax applies; these are patterns to watch for in blockchain code.

Vulnerabilities often come from how code is written, not special commands.

Patterns include reentrancy, integer overflow, and improper access control.

Examples

This code lets attackers call withdraw repeatedly before balance updates, stealing funds.

Blockchain / Solidity

// Reentrancy vulnerability example in Solidity
contract Vulnerable {
    mapping(address => uint) public balances;

    function withdraw(uint _amount) public {
        require(balances[msg.sender] >= _amount);
        (bool success, ) = msg.sender.call{value: _amount}("");
        require(success);
        balances[msg.sender] -= _amount;
    }
}

Adding 1 to 255 overflows and resets count to 0, causing wrong behavior.

Blockchain / Solidity

// Integer overflow example in Solidity
contract Overflow {
    uint8 public count = 255;

    function increment() public {
        count += 1; // Overflows back to 0
    }
}

Anyone can call setSecret and change the secret, which should be restricted.

Blockchain / Solidity

// Missing access control example
contract OpenAccess {
    string public secret;

    function setSecret(string memory _secret) public {
        secret = _secret; // Anyone can change secret
    }
}

Sample Program

This contract fixes the reentrancy problem by updating the balance before sending money.

Blockchain / Solidity

// Safe withdrawal example preventing reentrancy
pragma solidity ^0.8.0;

contract Safe {
    mapping(address => uint) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint _amount) public {
        require(balances[msg.sender] >= _amount, "Insufficient balance");
        balances[msg.sender] -= _amount; // Update balance first
        (bool success, ) = msg.sender.call{value: _amount}("");
        require(success, "Transfer failed");
    }
}

OutputSuccess

Important Notes

Always update state variables before calling external contracts to avoid reentrancy.

Use Solidity version 0.8.0 or higher to get built-in overflow checks.

Restrict sensitive functions with access control like 'onlyOwner' modifiers.

Summary

Common vulnerabilities include reentrancy, integer overflow, and missing access control.

Fix reentrancy by updating balances before external calls.

Use modern Solidity versions to prevent overflow bugs automatically.