All Questions
17 questions
0
votes
1
answer
56
views
Is it possible for two users to receive the same nonce-generated ID in a Solidity smart contract?
I have a smart contract deployed on the Ethereum blockchain where each user who interacts with a specific function is assigned an ID based on a nonce value stored in the contract. The nonce is ...
0
votes
1
answer
28
views
Is delegatecall to another contract really same as calling the function as if it were the part of calling contract?
When a contract makes a delegatecall, the code at the target address is executed in the context of the calling contract. This means that the storage, state variables, and functions of the calling ...
3
votes
1
answer
883
views
What is a returnbomb attack?
I've read that when making an external call to an unknown contract, if the contract returns a large amount of random or junk byte it will cause some type of bug. But I dont know exact what it is and ...
- 71
0
votes
1
answer
112
views
Gas griefing in "typed" external calls
I was wondering whether the "insufficient gas griefing attack" is possible in cases when the external call is a typed call rather than an inline call with lower level utility functions (i.e. ...
- 1,554
1
vote
2
answers
146
views
Is ChainLink's VRF susceptible to a 51% attack?
I do not know all of the details of how ChainLink's nodes and oracles work (hence why I am on here) but I did a little research on my own. According to a Gemini blog post by Cryptopedia, chainlink ...
- 292
6
votes
0
answers
239
views
Kademlia: How does Ethereum uses node discovery protocol to avoid sybil/eclipse attacks?
I want to describe a case that's not clear to me. let's say we have 10 peer validator nodes who reach consensus and agree to store some blocks on their chain. Let's say now that a wallet wants to sync ...
0
votes
1
answer
134
views
How do these 2 functions differ in terms of security?
How are these 2 functions different in terms of security, there was a question on a forum and i don't understand
function emergencyWithdraw(uint256 _pid) public {
PoolInfo storage pool = poolInfo[...
- 1
0
votes
1
answer
155
views
Security considerations: using events to trigger offchain actions
I need to trigger a sensitive offchain action based on a users interaction with my smart contract.
My current approach is to emit and event (Trigger(msg.sender, 123)) and then use a filterQuery with ...
- 152
10
votes
3
answers
890
views
Commit-Reveal contract still vulnerable to front running. How can it be improved?
I'm writing a contract and I want to shield it from front-running as best as it can possible be done (obviously, fully preventing front running would be ideal). My implementation is very similar to ...
- 103
2
votes
1
answer
399
views
how do we use `commit/reveal` to count votes?
Let's say we are doing an election and it's easy to note that we need commit/reveal scheme to hide votes.
So, we store hashes while users commit their votes. Now, let's say the election is over. How ...
- 1,185
4
votes
3
answers
2k
views
how does commit/reveal solve front-running?
I am trying to make sure I understand something correctly, so I will pose a problem with a solution.
Problem:
Let's say commit has been called. After this, we call the reveal. attacker listens to ...
- 1,185
0
votes
2
answers
1k
views
how can we stop front running for `approve` [duplicate]
function approve(address _spender, uint256 _value) returns (bool success)
This is the ordinary ERC20 approval method. It's easy to figure out that we have a problem of front-running.
Alice gives ...
- 1,185
0
votes
1
answer
61
views
DaoAttack not working
I am trying to replicate the famous DAO attack for a cryptocurrencies course.
I have the following contract already deployed on the blockchain.
pragma solidity ^0.5.4;
contract EDao {
address ...
- 35
0
votes
1
answer
94
views
Transaction Timing Implications for Reentry Attacks
This is the classic reentry attack:
function withdrawBalance() public {
uint amountToWithdraw = userBalances[msg.sender];
(bool success, ) = msg.sender.call.value(amountToWithdraw)("");
...
- 711
1
vote
2
answers
462
views
What is the work of self destruct in a contract?
How it can be used for handling force sending of ether to a contract without triggering fallback function ?
- 835
0
votes
0
answers
173
views
A couple of questions on the Short Address attack
I have a few questions on the Short Address attack:
Is it possible to apply this attack on a function which does not take encoded byte-code as input and execute it, for example - function func(bytes ...
- 26.2k
2
votes
3
answers
266
views
Are Ethereum Contracts Vulnerable to Hash Table Poisoning Attacks?
Does anybody know something about this? I know that in general terms we will say not, but looking on the internet I found that isn't sure the answer to the question:
Can the EVM’s Internal ...
- 2,835