Vulnerability Patterns Skill

Reference skill for common Solidity vulnerability patterns. This skill references detailed checklists in the security-audit skill.

When to Use

Use this skill when:

• Learning about common vulnerabilities
• Reviewing code for security issues
• Understanding exploit techniques
• Preventing known vulnerabilities

Related Skills

For comprehensive security auditing, see:

• security-audit: Complete audit methodology and checklists
• testing-patterns: Security testing approaches
• contract-patterns: Secure implementation patterns

Common Vulnerability Categories

Critical Vulnerabilities

1. Reentrancy - See security-audit/checklists/common-vulnerabilities.md

   • Classic reentrancy (same function)
   • Cross-function reentrancy
   • Read-only reentrancy

2. Access Control - See security-audit/checklists/access-control-checklist.md

   • Missing access modifiers
   • Incorrect authorization
   • Privilege escalation

3. Integer Issues - See security-audit/checklists/common-vulnerabilities.md

   • Overflow/underflow (pre-0.8)
   • Division by zero
   • Precision loss

4. Oracle Manipulation - See security-audit/checklists/defi-checklist.md

   • Flash loan attacks
   • Price manipulation
   • Stale price data

High Severity

1. Unchecked External Calls
2. Delegatecall Injection
3. Signature Replay
4. Front-Running
5. Denial of Service

Medium Severity

1. Timestamp Dependence
2. Tx.origin Authentication
3. Floating Pragma
4. Uninitialized Storage

Quick Vulnerability Reference

Reentrancy

// ❌ Vulnerable
function withdraw() public {
    uint amount = balances[msg.sender];
    (bool success, ) = msg.sender.call{value: amount}("");
    balances[msg.sender] = 0;  // Too late!
}

// ✅ Secure
function withdraw() public nonReentrant {
    uint amount = balances[msg.sender];
    balances[msg.sender] = 0;  // Update first
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
}

Access Control

// ❌ Missing modifier
function mint(address to, uint amount) public {
    _mint(to, amount);
}

// ✅ Protected
function mint(address to, uint amount) public onlyOwner {
    _mint(to, amount);
}

Integer Overflow

// ❌ Pre-0.8 vulnerable
pragma solidity 0.7.6;
uint256 balance = type(uint256).max;
balance += 1;  // Overflows silently

// ✅ Solidity 0.8+ safe
pragma solidity 0.8.30;
uint256 balance = type(uint256).max;
balance += 1;  // Reverts

Testing for Vulnerabilities

Reentrancy Test

contract Attacker {
    Target public target;

    function attack() external payable {
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    receive() external payable {
        if (address(target).balance > 0) {
            target.withdraw();
        }
    }
}

function test_ReentrancyAttack() public {
    vm.expectRevert();  // Should revert
    attacker.attack{value: 1 ether}();
}

Access Control Test

function test_RevertWhen_UnauthorizedMint() public {
    vm.prank(attacker);
    vm.expectRevert("Ownable: caller is not the owner");
    token.mint(attacker, 1000);
}

Resources

Detailed Vulnerability Information:

• SWC Registry - Smart Contract Weakness Classification
• ConsenSys Best Practices
• Rekt News - DeFi exploit analysis

Related Skills:

• security-audit/checklists/common-vulnerabilities.md - Complete vulnerability checklist
• security-audit/checklists/defi-checklist.md - DeFi-specific vulnerabilities
• security-audit/checklists/upgrade-checklist.md - Upgrade-related issues

---

Note: This is a reference skill. For comprehensive security auditing, use the security-audit skill which contains detailed checklists and methodologies.