Vulnerability
A list of supporting oracles
Last updated
sFuzz is currently able to detect 9 vulnerabilities: gasless send, exception disorder, reentrancy, timestamp dependency, block number dependency, dangerous delegatecall, freezing ether, integer overflow, and integer underflow.
Details of these vulnerabilities are described in the table below.
Your contract is vulnerable if the "Oracle yields" section of sFuzz's report turns on the `found` flag instead of `none`. Check it carefully.
| Types | Oracles | When a vulnerability is detected | Why it is vulnerable |
| --- | --- | --- | --- |
| Error | Gasless Send | Function `send` or `transfer` is called and the receiver has a costly fallback function | RunOutOfGas exception |
| Error | Exception Disorder | There is an exception in the call chain but the root of the call chain does not throw an exception | These functions hide exceptions |
| Error | Timestamp Dependency | The test case evaluates a condition based on the timestamp and then sends ether | Miners control the value of the timestamp |
| Error | Block Number Dependency | The test case evaluates a condition based on the block number and then sends ether | Miners control the value of the block number |
| Error | Danger Delegate Call | `delegatecall` is executed via `msg.data` | The attacker can call any function |
| Error | Reentrancy | A contract function is called via the fallback function of another contract and sends ether | Refer to the DAO vulnerability |
| Error | Integer Overflow/Underflow | If b > 0 and a + b < a, or b > 0 and a − b > b, or ··· | Arithmetic error |
| Warning | Freezing Ether | After all test cases, no `send()` or `transfer()` function is executed | The contract is a blackhole for ether |
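The table describes each oracle as a predicate over what a test case did at run time. The following Python model, added here as an illustration and not sFuzz's own code, shows how such oracles can be evaluated over a simplified execution trace: each trace is a list of `Step` records (call depth, opcode, sender, target, value, forwarded gas, raised exception, arithmetic operands), and each oracle function returns whether its condition holds, with `run_oracles` summarising the result as `found` or `none` per oracle like the report section mentioned above. The trace format, the `Step` fields, the placeholder addresses and the sample traces are all constructed assumptions for this example; the integer oracles use the wrapped 256-bit comparison (b > 0 and the wrapped a + b < a, b > 0 and the wrapped a − b > a), and the reentrancy oracle requires the contract to be re-entered from inside its own ether-sending call and to send ether again.

```python
from dataclasses import dataclass
from itertools import takewhile
from typing import Dict, List, Tuple

MASK256 = (1 << 256) - 1   # EVM words are 256 bits wide, so ADD/SUB wrap modulo 2**256
STIPEND = 2300             # gas forwarded by Solidity's send() and transfer()

@dataclass
class Step:
    """One recorded event of a test-case execution (constructed, simplified trace format)."""
    depth: int                           # call depth; 0 is the test case's entry call
    op: str                              # CALL, DELEGATECALL, TIMESTAMP, NUMBER, JUMPI, ADD, SUB, SSTORE, ...
    frm: str = ""                        # address executing the step
    to: str = ""                         # call target (CALL / DELEGATECALL)
    value: int = 0                       # wei transferred by a CALL
    gas: int = 0                         # gas forwarded by a CALL
    exception: str = ""                  # "" or the exception raised at this step, e.g. "OutOfGas"
    operands: Tuple[int, int] = (0, 0)   # (a, b) for ADD / SUB
    data_from_msg: bool = False          # DELEGATECALL target/selector taken directly from msg.data

def callee_frame(trace: List[Step], i: int) -> List[Step]:
    """Steps executed inside the call made at trace[i], until control returns to the caller's depth."""
    return list(takewhile(lambda s: s.depth > trace[i].depth, trace[i + 1:]))

def gasless_send(trace: List[Step]) -> bool:
    # send()/transfer() forwarded only the stipend and the receiver's fallback ran out of gas
    return any(s.op == "CALL" and s.value > 0 and s.gas <= STIPEND
               and any(c.exception == "OutOfGas" for c in callee_frame(trace, i))
               for i, s in enumerate(trace))

def exception_disorder(trace: List[Step]) -> bool:
    # a nested call raised an exception, yet the root call finished without one: the failure was swallowed
    nested = any(s.exception for s in trace if s.depth > 0)
    root_clean = not any(s.exception for s in trace if s.depth == 0)
    return nested and root_clean

def _env_dependency(trace: List[Step], read_op: str) -> bool:
    # environment value read, then a conditional jump, then ether sent, in that order
    phase = 0
    for s in trace:
        if phase == 0 and s.op == read_op:
            phase = 1
        elif phase == 1 and s.op == "JUMPI":
            phase = 2
        elif phase == 2 and s.op == "CALL" and s.value > 0:
            return True
    return False

def timestamp_dependency(trace: List[Step]) -> bool: return _env_dependency(trace, "TIMESTAMP")
def block_number_dependency(trace: List[Step]) -> bool: return _env_dependency(trace, "NUMBER")

def dangerous_delegatecall(trace: List[Step]) -> bool:
    return any(s.op == "DELEGATECALL" and s.data_from_msg for s in trace)

def reentrancy(trace: List[Step], contract: str) -> bool:
    # the contract sends ether, is called back before that call returns, and sends ether again
    for i, s in enumerate(trace):
        if s.op == "CALL" and s.frm == contract and s.value > 0:
            inner = callee_frame(trace, i)
            for j, c in enumerate(inner):
                if c.op == "CALL" and c.to == contract and any(
                        d.op == "CALL" and d.frm == contract and d.value > 0 for d in callee_frame(inner, j)):
                    return True
    return False

def integer_overflow(trace: List[Step]) -> bool:   # b > 0 and the wrapped sum a + b is smaller than a
    return any(s.op == "ADD" and s.operands[1] > 0 and (s.operands[0] + s.operands[1]) & MASK256 < s.operands[0]
               for s in trace)

def integer_underflow(trace: List[Step]) -> bool:  # b > 0 and the wrapped difference a - b exceeds a
    return any(s.op == "SUB" and s.operands[1] > 0 and (s.operands[0] - s.operands[1]) & MASK256 > s.operands[0]
               for s in trace)

def freezing_ether(traces: List[List[Step]], contract: str) -> bool:
    # across all test cases the contract accepted ether but never sent any out
    received = any(s.op == "CALL" and s.to == contract and s.value > 0 for t in traces for s in t)
    sent = any(s.op == "CALL" and s.frm == contract and s.value > 0 for t in traces for s in t)
    return received and not sent

def run_oracles(traces: List[List[Step]], contract: str) -> Dict[str, str]:
    """Per-oracle verdict in the style of the report's Oracle yields section: 'found' or 'none'."""
    per_trace = {"gasless_send": gasless_send, "exception_disorder": exception_disorder,
                 "timestamp_dependency": timestamp_dependency, "block_number_dependency": block_number_dependency,
                 "dangerous_delegatecall": dangerous_delegatecall, "integer_overflow": integer_overflow,
                 "integer_underflow": integer_underflow, "reentrancy": lambda t: reentrancy(t, contract)}
    report = {name: "found" if any(f(t) for t in traces) else "none" for name, f in per_trace.items()}
    report["freezing_ether"] = "found" if freezing_ether(traces, contract) else "none"
    return report

# Constructed sample traces; C and O are placeholder addresses, not real ones.
C, O = "0xCONTRACT", "0xOTHER"
GASLESS = [Step(0, "CALL", frm=C, to=O, value=10**18, gas=STIPEND),  # transfer() to a costly fallback
           Step(1, "SSTORE", frm=O, exception="OutOfGas"),           # fallback needs more than 2300 gas
           Step(0, "JUMPI", frm=C)]                                  # caller carries on, failure unnoticed
TIMESTAMP_DEP = [Step(0, "TIMESTAMP", frm=C), Step(0, "JUMPI", frm=C),
                 Step(0, "CALL", frm=C, to=O, value=1, gas=STIPEND)]
REENTRANT = [Step(0, "CALL", frm=C, to=O, value=1, gas=100_000),     # withdraw(): call before balance is zeroed
             Step(1, "CALL", frm=O, to=C, value=0, gas=90_000),      # receiver's fallback calls withdraw() again
             Step(2, "CALL", frm=C, to=O, value=1, gas=80_000)]      # ether leaves a second time
ARITH = [Step(0, "ADD", frm=C, operands=(MASK256, 1)), Step(0, "SUB", frm=C, operands=(0, 1))]
DEPOSIT_ONLY = [[Step(0, "CALL", frm=O, to=C, value=5, gas=21_000)], [Step(0, "SSTORE", frm=C)]]
```

Running `run_oracles([GASLESS, TIMESTAMP_DEP, REENTRANT, ARITH], C)` reports `found` for gasless_send, exception_disorder, timestamp_dependency, reentrancy, integer_overflow and integer_underflow, and `none` for the rest. Note that the gasless-send trace trips the exception-disorder oracle as well: the receiver's OutOfGas is swallowed by `send`, which is exactly the "these functions hide exceptions" row of the table. The freezing-ether oracle is the only one that needs every test case at once, which is why it takes the whole list of traces.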