Online Courses
Blockchain Security
Online Courses
Blockchain Security
  • Blockchain Security
  • Fundamentals of Blockchain Security
    • Introduction to blockchain
    • The promises of blockchain
    • Inside the blockchain hype
    • Blockchain structures
    • What is public-key cryptography?
      • How does public-key cryptography work?
      • Public-key cryptography in the blockchain
    • Security assumptions of public-key cryptography
      • Quantum computing
    • Hash function in blockchain
      • Properties of hash functions
      • Hash functions in the blockchain
      • Blockchain security hash key functions
    • Quiz
  • Consensus Algorithm Security
    • Introduction
      • The Byzantine generals problem
      • Security via scarcity
      • Common blockchain consensus algorithms
      • The longest chain rule
    • Proof of work
      • Inside PoW mining
    • Attacking proof of work
      • The 51% attack
      • Denial of service: Artificial difficulty increases
    • Proof of stake
      • Choosing the block creator
    • Attacking PoS consensus
      • XX% attack and the PoS "timebomb"
      • Fake stake attacks
      • Long-range attack
      • Nothing at stake problem
      • Sour milk attack
    • Quiz
  • Blockchain in Action
    • Nodes and network
      • Inside the node
      • How blocks are created
    • Attacking block creation
      • Denial-of-service
      • Frontrunning
      • Selfish mining
      • SPV mining
    • Attacking blockchain nodes
      • Blockchain software misconfiguration
      • Denial of service
      • Malicious transactions
    • Attacking the blockchain network
      • Eclipse attack
      • Routing attack
      • Sybil attack
    • Quiz
  • Smart Contract Security
    • What are smart contracts?
      • Smart contracts
    • General programming vulnerabilities
      • Arithmetic vulnerabilities
      • Right-to-left control character
    • Blockchain vulnerabilities
    • Ethereum vulnerabilities
    • Quiz
  • Beyond the Basics
    • Alternative distributed ledger architectures
      • Introduction to DAGs
      • Introduction to block lattices
      • Introduction to sidechains
    • Second-level blockchain protocols
      • How a state channel works
    • Advanced cryptography in blockchain
      • Multisignatures
      • Zero-knowledge proofs
      • Stealth addresses
      • Ring signatures
      • Commitment schemes
    • Quiz
  • Cumulative Quiz
Powered by GitBook
On this page
  • Question 1
  • Question 2
  • Question 3
  • Question 4
  1. Smart Contract Security

Quiz

Question 1

Which of the following vulnerabilities are specific to the Ethereum blockchain?

Solution

  • Reentrancy

  • Unchecked return values

Question 2

Which of the following is more of a design issue than an implementation issue?

NOT - Timestamp

NOT - Uncheked

Solution

  • Frontrunning

Frontrunning vulnerabilities exist when a smart contract is designed based off of a "first come, first served" model, there is no flaw in the implementation that makes code vulnerable.

Question 3

This code sample includes which of the following vulnerabilities?

function initContract() public {
    owner = msg.sender
}
Solution

Access control

Question 4

This code sample includes which of the following vulnerabilities?

contract King is Ownable {
    address public king;
    uint public prize;
    
    function King() public payable {
        king = msg.sender;
        prize = msg.value;
    }
    
    function() external payable {
        require(msg.value >= value || msg.value == owner);
        king.transfer(msg.value);
        king = msg.sender;
        prize = msg.value;        
    }
}
Solution

  • Frontrunning

The code is vulnerable to frontrunning (because order of calls matters) and contains an access control vulnerability (King() does not test if it has been called multiple times).

PreviousEthereum vulnerabilitiesNextAlternative distributed ledger architectures

Last updated 8 months ago