Exploitations
Note that this is a preliminary exhibition, so we do not provide all the vulnerabilities we found. More instances with exploitation code will be added in the future.
To avoid malicious use of the vulnerabilities, and out of consideration for the security of the community, the whole vulnerability database will be published in the future, once we have handled the ethical and legal issues and done proper normalization.
Reentrancy
| Index | Reported By | Deployment Address | Tx Counts | Code |
|---|---|---|---|---|
| 01 | Oyente, D.B. | 0x99b001735036d937b4a11c17a9a44.. | 2 | [here] |
| 02 | Oyente, D.B. | 0x5f22fcb251ec7497201cc1f91ed82.. | 13 | [here] |
| 03 | Oyente, D.B. | 0xffa5d49dc77dec17aeaaa3580c7c1.. | 8 | [here] |
| 06 | Oyente, D.B. | 0x90263ea5c57dc6603ca7202920735.. | 134 | [here] |
| 07 | Slither, D.B. | 0x78a0cb3acb32bec25ee64408ded20.. | 0 | [here] |
| 08 | D.B. | 0xb1998ca4a564d7d42d0468426bb5f.. | 9 | [here] |
| 09 | D.B. | 0xba14b64a82cbf58622f2f38961352.. | 3 | [here] |
| 10 | D.B. | 0xc1e3ec94dcd86c5cc17cfc116ae43.. | 47 | [here] |
| 11 | D.B. | 0x43c9b7b7ce699ac2c1d3aad3b5a78.. | 441 | [here] |
| 12 | D.B. | 0xc218f45a42c41dc638d613927fe0d.. | 4 | [here] |
| 13 | D.B. | 0x618e9fba148f6583825a67f26f606.. | 1 | [here] |
| 14 | D.B. | 0x9482a18ed523b1a2f097b480d3885.. | 5 | [here] |
| 15 | Slither, Oyente, D.B. | 0x2628e13a3cbdc52ed96b4b8d6b104.. | 24 | [here] |
| 18 | Slither, D.B. | 0x73e399056058166662a81b94b2462.. | 4 | [here] |
| 20 | D.B. | 0x9e8252b6db9a604c2e89b01b1573b.. | 10 | [here] |
| 21 | D.B. | 0x8678b5fb41d87f4bec43b3142bce8.. | 3109 | [here] |
| 22 | D.B. | 0xa483d6f4eea5b29eedb7d9709e0fd.. | 1 | [here] |
Abuse of Tx-origin
| Index | Reported By | Deployment Address | Tx Counts |
|---|---|---|---|
| 1 | Slither, S.C., D.B. | 0x4f6d6fdaf267894fbeb57c1f4eb2f… | 3 |
| 2 | Slither, S.C., D.B. | 0xeb547ed1D8A3Ff1461aBAa7F0022F… | 1244 |
| 3 | Slither, S.C., D.B. | 0x2bb4bacbb7cc6186454253dab673e… | 4 |
| 4 | Slither, S.C., D.B. | 0x62edb11263cd775d549a9d9e38980… | 169 |
| 5 | Slither, S.C., D.B. | 0x7910c579172c2d094d9813993e8b5… | 1 |
Unchecked Low-level-call
| Index | Reported By | Deployment Address | Tx Counts | Code |
|---|---|---|---|---|
| 1 | Smartcheck, D.B. | 0xbebbfe5b549f5db6e6c78ca97cac1… | 3 | [here] |
| 2 | Smartcheck, D.B. | 0x173ee6e41bf96c0a1c58bc4c31699… | 3 | [here] |
| 3 | Smartcheck, D.B. | 0xcc3a2773941eb0c79b66f86163a8a… | 413 | [here] |
| 4 | Smartcheck, D.B. | 0x763a1f49160f947563a3a57f6f979… | 4 | [here] |
Unexpected Revert
| Index | Reported By | Deployment Address | Tx Counts | Code |
|---|---|---|---|---|
| 1 | D.B. | 0x6dbedc242428353601429f29da7bd… | 555 | [here] |
| 2 | D.B. | 0x46d7f2fc523728670e1eb7184a7c8… | 6 | [here] |
| 3 | D.B. | 0x8ac132345132d3c36b55b375f04d2… | 37 | [here] |
| 4 | Slither, S.C., D.B. | 0xa46d6689bb3f055cb8e8228498760… | 9 | [here] |
| 5 | Slither, S.C., D.B. | 0x877fc4cf32fe40cd658dc186fa24d… | 140 | [here] |
| 6 | Slither, S.C., D.B. | 0x1e6f116ca704277c97595316ac157… | 50 | [here] |
| 7 | Slither, S.C., D.B. | 0xa485a4bbbd026cf0c49844ef617bd… | 1 | [here] |
| 8 | Slither, S.C., D.B. | 0x19b115365671a818ed62aa326d91e… | 27 | [here] |
Self-destruct Abusing
| Index | Reported By | Deployment Address | Tx Counts | Code |
|---|---|---|---|---|
| 1 | Slither, D.B. | 0x380e0f015c0a830dc5d25e5f99570… | 8 | [here] |
| 2 | Slither, D.B. | 0x19c630bb6d3e7c2cfe77e2a73627c… | 2 | [here] |
| 3 | Slither, D.B. | 0x4ed184d6a9e449ecb984cb1fea7ed… | 2 | [here] |
| 4 | Slither, D.B. | 0xd1b5cb3a6ea812c8c444e8d7d5692… | 2 | [here] |
| 5 | Slither, D.B. | 0x6560fc67eaca384f1d936f7233a8e… | 3 | [here] |
To illustrate the effectiveness of our work for the security of the Ethereum community, we collected the transaction count (Tx Count) of the vulnerable deployed smart contracts. Some of these contracts are interacted with frequently, some are seldom used, and some have never been activated. Our tool found most of these contracts, as shown in the following figure.