In this video, we will examine a Solidity smart contract that is vulnerable to uint overflow and underflow.

#Solidity #Overflow #Underflow

Code: https://solidity-by-example.org/hacks/overflow/
References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

Did you know that there is a hack to forcefully send Ether to any contract, even if the receiving contract does not have any payable fallback or payable function? In this video, I will explain how this can be done and also show you how to protect your contract from this hack.

#Solidity #selfdestruct #hack

Code: https://solidity-by-example.org/hacks/self-destruct/
References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

Never store sensitive data in a private state variable. Private state variable are not accessible by other contracts, but since everything on the blockchain is public data, we are available to get that private data. Let's see how.

#Solidity #private #hack #EVM #storage-layout

Code: https://solidity-by-example.org/hacks/accessing-private-data/
Truffle project used in this video
https://github.com/t4sk/solidity-multi-sig-wallet

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

What can go wrong when you forget that delegatecall preserves context? One exploit that is possible from an unsafe delegatecall is to bypass any access control and directly update state variables. In this video I will show you how to update a state variable although the smart contract does not have any function to update it.

#Solidity #delegatecall #hack

Code: https://solidity-by-example.org/hacks/delegatecall/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

What can go wrong when delegatecall is used to update storage, but the storage layout is not the same between contracts? In this video I will show you an example of a contract vulnerable to unsafe delegatecall.

#Solidity #delegatecall #hack

Code: https://solidity-by-example.org/hacks/delegatecall/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

There is no easy way to generate a random number inside Solidity. You might think of using block hash and timestamp for the sources of randomness. But hold on! In this video I will explain how they can easily be computed from other smart contracts.

#Solidity #randomness #hack #blockhash #blocktimestamp

Code: https://solidity-by-example.org/hacks/randomness/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

Many Solidity smart contracts allows the caller to withdraw Ether instead of having the smart contract send Ether to the caller. This is called Push vs Pull in smart contract designs. By designing your smart contract to use the pull pattern, you avoid a denial of service attack that is possible on contracts that push Ether. In this video I will explain how a contract that sends Ether can be vulnerable to denial of service.

#Solidity #denialOfService #DOS #hack #PushVsPull

Code: https://solidity-by-example.org/hacks/denial-of-service/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

Phishing is a cyber attack where the attacker disguises as a trusty-worthy entity and tricks an user into doing something harmful. Watch this video to learn how tx.origin can be vulnerable to phishing.

#Solidity #phishing #hack #txorigin

Code: https://solidity-by-example.org/hacks/phishing-with-tx-origin/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

Contracts deployed on the blockchain are bytecode, difficult for us to read. On etherscan.io, you can verify that a source code compiles to the bytecode that was deploy. So you can review the code. However there is a way to have a code verified on etherscan.io and hide a malicious code. In this video I will show you how

#Solidity #hidingMaliciousCode #hack #txorigin

Code: https://solidity-by-example.org/hacks/hiding-malicious-code-with-external-contract/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com

Honeypot is a way to catch hackers trying to break into your contract. In this video we will code a contract that looks vulnerable to reentrancy attack but actually isn't.

#Solidity #Honeypot #hack

Code: https://solidity-by-example.org/hacks/honeypot/

References
https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc
https://solidity-05.ethernaut.openzeppelin.com/

Remix IDE: http://remix.ethereum.org
Solidity: https://solidity.readthedocs.io

Follow on Twitter: @ProgrammerSmart https://twitter.com/ProgrammerSmart
Join me on Discord: https://discord.gg/Ny8sPaj
Website: https://smartcontractprogrammer.com