Contracts with several well-known vulnerabilities, together with monitors that detect their exploitation.
Reentrancy (SWC-107)
Transaction Order Dependence (SWC-114)
(to be filled in)
We need truffle and ganache-cli for testing.
Note that if you have never tested smart contracts on a local Ethereum network, please take a look at this brief memo.
```
$ make ganache-start
$ make test-solidity
```
Caveat
When something goes wrong, ganache often needs to be *fully* restarted.
To make sure it is, run the following in order.
- `make ganache-stop`
- `make clean`
- `make ganache-start`
```
$ make ganache-start
$ make test-combined
```