Vulnerability

A list of supporting oracles

sFuzz currently is able to detect 9 vulnerabilities: gasless send, exception disorder, reentrancy,timestamp dependency, blocknumber dependency, dangerous delegatecall , freezing ether, integer overflow, integer underflow

Details of these vulnerabilities are described in table bellow

Types

Oracles

When a vulnerability is detected

Why it is vulnerable

Error

Gasless Send

Function send or transfer is called and receiver has a costly fallback function

RunOufOfGasexception

Error

Exception Disorder

There is exception in the call chain but the .These functions hide exceptions

root of the call chain does not throw exception

Error

Timestamp Dependency

The test case evaluates a condition based on timestamp and then sends ether

Miners control the values of timestamp

Error

Block Number Dependency

The test case evaluates a condition based on block number and then sends ether

Miners control the values of block number.

Error

Danger Delegate Call

delegatecall is executed via msg.data.

The attacker can call any function.

Error

Reentrancy

A contract function is called via fallback function from another contract and sends ether.

refer to the DAO vulnerability

Error

Integer Overflow/Underflow

If b >0 and a + b < a or b > 0 and a − b > b or ···

arithmetic error

Warning

Freezing Ether

After all test case, nosend()ortransf er() function is executed

The contract is a blackhole for ether

Your contract is vulnerable if oracle yields section of sFuzz turn on found flag instead of none. Carefully check it

PreviousOutput Format NextsFuzz Ouputs

Last updated 6 years ago

Was this helpful?

Vulnerability

A list of supporting oracles

Details of these vulnerabilities are described in table bellow

Types

Oracles

When a vulnerability is detected

Why it is vulnerable

Error

Gasless Send

Function send or transfer is called and receiver has a costly fallback function

RunOufOfGasexception

Error

Exception Disorder

There is exception in the call chain but the .These functions hide exceptions

root of the call chain does not throw exception

Error

Timestamp Dependency

The test case evaluates a condition based on timestamp and then sends ether

Miners control the values of timestamp

Error

Block Number Dependency

The test case evaluates a condition based on block number and then sends ether

Miners control the values of block number.

Error

Danger Delegate Call

delegatecall is executed via msg.data.

The attacker can call any function.

Error

Reentrancy

A contract function is called via fallback function from another contract and sends ether.

refer to the DAO vulnerability

Error

Integer Overflow/Underflow

If b >0 and a + b < a or b > 0 and a − b > b or ···

arithmetic error

Warning

Freezing Ether

After all test case, nosend()ortransf er() function is executed

The contract is a blackhole for ether

Your contract is vulnerable if oracle yields section of sFuzz turn on found flag instead of none. Carefully check it

PreviousOutput Format NextsFuzz Ouputs

Last updated 6 years ago

Was this helpful?