Blockchain / Solidity · programming · ~30 mins

Common vulnerability patterns in Blockchain / Solidity - Mini Project: Build & Apply

Common Vulnerability Patterns in Blockchain Smart Contracts
📖 Scenario: You are a blockchain developer learning about common security issues in smart contracts. Understanding these vulnerabilities helps you write safer code and protect users' assets.
🎯 Goal: Build a simple smart contract example that demonstrates a common vulnerability pattern and then fix it step-by-step.
📋 What You'll Learn
Create a smart contract with a vulnerable function
Add a configuration variable to control access
Implement the core logic that shows the vulnerability
Print or return the result demonstrating the vulnerability and its fix
💡 Why This Matters
🌍 Real World
Smart contracts control valuable assets on blockchains. Understanding vulnerabilities helps prevent hacks and loss of funds.
💼 Career
Blockchain developers must know common security patterns to write safe contracts and pass security audits.
1
Create a vulnerable smart contract with a balance mapping
Create a Solidity contract named VulnerableContract with a public mapping balances from address to uint. Initialize the contract with a constructor that sets the deployer's balance to 1000.
Need a hint?

Use mapping(address => uint) public balances; and set balances[msg.sender] = 1000; inside the constructor.

2
Add an owner variable to control access
Add a public address variable called owner to the contract. Set owner to msg.sender inside the constructor.
Need a hint?

Declare address public owner; and assign owner = msg.sender; in the constructor.

3
Add a withdraw function vulnerable to reentrancy
Add a public function withdraw(uint amount) that sends amount of ether to msg.sender using call. Subtract amount from balances[msg.sender] after sending. This function is vulnerable to reentrancy attacks.
Need a hint?

Use require to check balance, then send ether with call, then subtract amount from balances[msg.sender].

4
Fix the reentrancy vulnerability by updating balance before sending
Modify the withdraw function to subtract amount from balances[msg.sender] before calling msg.sender.call. Then report the message "Withdrawal successful" by emitting an event, since Solidity has no print statement.
Need a hint?

Subtract balance before sending ether. Use an event WithdrawalSuccessful to print the success message.
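
The two orderings of withdraw from steps 3 and 4, side by side in one contract, as an added example that is not the tutorial's own solution. The name withdrawUnsafe, the payable constructor, the event parameters, the error strings and the pragma version are assumptions made so that both versions compile together.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20; // version is an assumption; the tutorial names none

// Added example: step 3 (vulnerable) and step 4 (fixed) for comparison.
contract VulnerableContract {
    mapping(address => uint) public balances; // amounts are in wei
    address public owner;

    // Step 4 hint: event that reports success (parameters are an assumption).
    event WithdrawalSuccessful(address indexed account, uint amount);

    // Steps 1 and 2. `payable` is an assumption so the contract can be
    // funded at deployment and actually has ether to pay out.
    constructor() payable {
        owner = msg.sender;
        balances[msg.sender] = 1000;
    }

    // Step 3 ordering: check, external call, state update.
    // `call` hands control to msg.sender's receive/fallback code while
    // balances[msg.sender] is still unchanged, so a nested call to this
    // function passes the same require again.
    // (withdrawUnsafe is a hypothetical name; the tutorial calls it withdraw.)
    function withdrawUnsafe(uint amount) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed");
        balances[msg.sender] -= amount; // state update happens too late
    }

    // Step 4 ordering: check, state update, external call.
    // Any nested call now sees the reduced balance and fails the require.
    function withdraw(uint amount) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed"); // revert also restores the balance
        emit WithdrawalSuccessful(msg.sender, amount);
    }
}
```

On compilers from 0.8 onward the checked subtraction in withdrawUnsafe reverts if nested calls take out more than the recorded balance, while before 0.8 or inside an unchecked block it wraps around. Either way, the ordering in withdraw is the one to rely on.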