Recall & Review
beginner
What is a reentrancy attack in blockchain smart contracts?
A reentrancy attack happens when a contract calls another contract that calls back into the first contract before the first call finishes, allowing the attacker to drain funds repeatedly.
beginner
Why is integer overflow a risk in smart contracts?
Integer overflow occurs when a number exceeds the maximum value a variable can hold, causing it to wrap around and produce incorrect results, which attackers can exploit to manipulate contract logic.
intermediate
What does 'front-running' mean in blockchain transactions?
Front-running is when an attacker observes a pending transaction and submits their own transaction with higher fees to get processed first, gaining an unfair advantage.
intermediate
Explain the 'unchecked call' vulnerability.
An unchecked call vulnerability happens when a contract calls another contract without checking whether the call succeeded, which can lead to unexpected behavior or loss of funds.
advanced
What is the risk of using tx.origin for authentication?
Using tx.origin for authentication is risky because it can be tricked by phishing attacks where a malicious contract initiates a call, making the contract think the original user authorized it.
What vulnerability allows repeated withdrawal of funds before state updates?
A reentrancy attack lets an attacker call back into the contract before the first call finishes, enabling repeated withdrawals.
Which vulnerability involves numbers wrapping around their max value?
Integer overflow happens when numbers exceed their max limit and wrap around, causing errors.
What is front-running in blockchain?
Front-running is when someone pays higher fees to get their transaction processed before others.
Why is using tx.origin for authentication dangerous?
tx.origin can be manipulated by malicious contracts, making authentication insecure.
What happens if a contract does not check the success of an external call?
Not checking call success can cause unexpected behavior or loss of funds.
Describe three common vulnerability patterns in blockchain smart contracts and how attackers exploit them.
Think about how contracts interact and how attackers can manipulate transaction order or data.
Explain why using tx.origin for authentication is unsafe and suggest a safer alternative.
Consider who initiates the call and how contracts verify the caller.