Zokyo Auditing Tutorials
  • ๐Ÿ”Zokyo Auditing Tutorials
  • ๐Ÿ“šTutorials
    • ๐ŸƒTutorial 1: Front-Running
      • ๐Ÿš€Prerequisites
      • ๐Ÿ“˜Understanding Front-Running
      • ๐Ÿ‘“Examples
      • โš’๏ธMitigation Steps
      • ๐ŸฆResource Bank to more front running examples
      • ๐ŸคFront-Running Conclusion
    • ๐ŸงฑTutorial 2: Unsafe Casting
      • ๐Ÿš€Prerequisites
      • ๐Ÿ“˜Understanding Casting
      • ๐Ÿ‘“Examples
      • ๐ŸคUnsafe Casting Conclusion
    • ๐Ÿ‘Tutorial 3: Approvals and Safe Approvals
      • ๐Ÿš€Prerequisites
      • ๐Ÿ“˜Understanding Approvals
      • ๐Ÿ‘“Vulnerability Examples
        • ๐Ÿ”ERC20 Approval Reset Requirement
        • ๐Ÿ˜ดIgnoring Return Values from ERC20 approve() Function: Potential Miscount of Successful Approvals
        • ๐ŸšซImproper use of Open Zeppelins safeApprove() for Non-zero Allowance Increments
        • ๐ŸฅพOmitted Approval for Contract Interactions Within a Protocol
        • ๐Ÿคฆโ€โ™‚๏ธFailing to Reset Token Approvals in Case of Failed Transactions or other actions
        • ๐Ÿ’ญMiscellaneous
        • ERC20 Approve Race Condition Vulnerability
      • โš’๏ธSpot the Vulnerability
      • ๐ŸคApprovals and Safe Approvals Conclusion
    • โ›“๏ธTutorial 4: Block.chainid, DOMAIN_SEPARATOR and EIP-2612 permit
      • ๐Ÿš€Prerequisites
      • ๐Ÿ“˜Understanding Block.chainid and DOMAIN_SEPARATOR
      • ๐Ÿ‘“Examples
      • โš’๏ธGeneral Mitigation Steps
      • ๐ŸคTutorial 4 Conclusion
  • ๐Ÿ’ฐTutorial 5: Fee-On-Transfer Tokens
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Fee-On-Transfer
    • ๐Ÿ‘“Examples
    • ๐Ÿ“˜Links to more fee-on-transfer vulnerability examples
    • ๐ŸคFee-On-Transfer Tokens: Conclusion
  • ๐ŸŒดTutorial 6: Merkle Trees
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Merkle Trees
    • ๐Ÿ”ŽVerification within a Merkle Tree:
    • ๐Ÿ“œMerkle Proofs Within Smart Contracts
    • ๐Ÿ–‹๏ธMerkle Proof Solidity Implementation
    • ๐Ÿ›‘Vulnerabilities When Using Merkle Trees
    • ๐Ÿ’€Example Vulnerabilities
    • ๐Ÿง Exercise
    • ๐ŸคMerkle Trees Conclusion
  • ๐ŸŒณTutorial 7: Merkle-Patricia Trees
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Merkle-Patricia Trees
    • ๐Ÿ“•Understanding Merkle-Patrica Trees pt.2
    • ๐Ÿ”ŽVerification within a Merkle-Patricia Tree
    • ๐Ÿ›‘Vulnerabilities When Using Merkle-Patricia Trees
    • ๐Ÿ’€Example Vulnerability
    • ๐ŸคMerkle-Patricia Trees: Conclusion
  • ๐Ÿ”Tutorial 8: Reentrancy
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Reentrancy
    • โš’๏ธMitigation
    • ๐Ÿ’€The DAO Hack: An In-depth Examination
    • ๐Ÿ‘“Examples
    • ๐ŸฆResource Bank To More Reentrancy Examples
    • ๐ŸคConclusion: Reflecting on the Reentrancy Vulnerability
  • ๐Ÿ”‚Tutorial 9: Read-Only Reentrancy
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Read-Only Reentrancy
    • ๐Ÿ”จMitigating Read-Only Reentrancy
    • ๐Ÿ‘“Real World Examples
    • ๐ŸฆResource Bank To More Reentrancy Examples
    • ๐ŸคRead-Only Reentrancy: Conclusion
  • ๐Ÿš†Tutorial 10: ERC20 transfer() and safeTransfer()
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding ERC20 transfer() and safeTransfer()
    • ๐Ÿ‘“Examples
    • ๐ŸคConclusion
  • ๐Ÿ“žTutorial 11: Low level .call(), .transfer() and .send()
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding .call, .transfer, and .send
    • ๐Ÿ›‘Understanding the Vulnerabilities of .transfer and .send
    • ๐Ÿ‘“Examples
    • ๐ŸคLow level .call(), .transfer() and .send() conclusion
  • โ˜Ž๏ธTutorial 12: Delegatecall Vulnerabilities in Precompiled Contracts
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“ณUnderstanding Delegatecall
    • โ›ฐ๏ธEVM, L2s, Bridges, and the Quest for Scalability
    • ๐Ÿ—๏ธUnderstanding Precompiles in the Ethereum Virtual Machine (EVM)
    • ๐Ÿ’ปCustom Precompiles
    • ๐Ÿ’€Potential Vulnerabilities in EVM Implementations: Overlooked DelegateCall in Precompiled Contracts
    • ๐Ÿ‘“Real World Examples
    • ๐ŸคDelegatecall and Precompiles: Conclusion
  • ๐ŸŒŠTutorial 13: Liquid Staking
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Liquid Staking
    • ๐Ÿ’€Understanding Liquid Staking Vulnerabilities
    • ๐Ÿ›‘Example Vulnerability
    • ๐ŸœExample Vulnerability 2
    • ๐Ÿ•ท๏ธExample Vulnerability 3
    • ๐ŸคLiquid Staking: Conclusion
  • ๐ŸšฟTutorial 14: Slippage
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Slippage in Automated Market Makers (AMMs)
    • ๐Ÿ’€Understanding the "Lack of Slippage Check" Vulnerability in Automated Market Makers (AMMs) and DEXs
    • ๐Ÿ˜กOn-Chain Slippage Calculations Vulnerability
    • ๐Ÿ“›0 slippage tolerance vulnerability
    • ๐Ÿ‘“Real World Examples
    • ๐ŸฆResource bank to more slippage vulnerabilities
    • ๐ŸคSlippage Conclusion
  • ๐Ÿ“‰Tutorial 15: Oracles
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“˜Understanding Oracles
    • ๐Ÿ“ˆTypes of price feeds
    • ๐Ÿ˜กFlash Loans
    • ๐Ÿ’€Understanding Oracle Vulnerabilities
      • โ›“๏ธThe Danger of Single Oracle Dependence
      • โฌ‡๏ธUsing Deprecated Functions
      • โŒLack of return data validation
      • ๐Ÿ•Inconsistent or Absent Price Data Fetching/Updating Intervals
    • ๐Ÿ”ซDecentralized Exchange (DEX) Price Oracles Vulnerabilities
    • ๐Ÿ›‘Found Vulnerabilities In Oracle Implementations
      • โš–๏ธNewly Registered Assets Skew Consultation Results
      • โšกFlash-Loan Oracle Manipulations
      • โ›“๏ธRelying Only On Chainlink: PriceOracle Does Not Filter Price Feed Outliers
      • โœ๏ธNot Validating Return Data e.g Chainlink: (lastestRoundData)
      • ๐Ÿ—ฏ๏ธChainlink: Using latestAnswer instead of latestRoundData
      • ๐Ÿ˜ญReliance On Fetching Oracle Functionality
      • ๐ŸŽฑWrong Assumption of 18 decimals
      • ๐Ÿง€Stale Prices
      • 0๏ธโƒฃOracle Price Returning 0
      • ๐Ÿ›ถTWAP Oracles
      • ๐Ÿ˜–Wrong Token Order In Return Value
      • ๐Ÿ—๏ธmiscellaneous
    • ๐ŸคOracles: Conclusion
  • ๐Ÿง Tutorial 16: Zero Knowledge (ZK)
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“šTheory
      • ๐Ÿ”ŒCircom
      • ๐Ÿ’ปComputation
      • ๐Ÿ›ค๏ธArithmetic Circuits
      • ๐ŸšงRank-1 Constraint System (R1CS)
      • โž—Quadratic Arithmetic Program
      • โœ๏ธLinear Interactive Proof
      • โœจZK-Snarks
    • ๐Ÿค“Definitions and Essentials
      • ๐Ÿ”‘Key
      • ๐Ÿ˜ŽScalar Field Order
      • ๐ŸŒณIncremental Merkle Tree
      • โœ’๏ธECDSA signature
      • ๐Ÿ“จNon-Interactive Proofs
      • ๐Ÿ๏ธFiat-Shamir transformation (or Fiat-Shamir heuristic)
      • ๐ŸชถPedersen commitment
    • ๐Ÿ’€Common Vulnerabilities in ZK Code
      • โ›“๏ธUnder-constrained Circuits
      • โ—Nondeterministic Circuits
      • ๐ŸŒŠArithmetic Over/Under Flows
      • ๐Ÿ‚Mismatching Bit Lengths
      • ๐ŸŒช๏ธUnused Public Inputs Optimized Out
      • ๐ŸฅถFrozen Heart: Forging of Zero Knowledge Proofs
      • ๐ŸšฐTrusted Setup Leak
      • โ›”Assigned but not Constrained
    • ๐Ÿ›Bugs In The Wild
      • ๐ŸŒณDark Forest v0.3: Missing Bit Length Check
      • ๐Ÿ”ขBigInt: Missing Bit Length Check
      • ๐Ÿš“Circom-Pairing: Missing Output Check Constraint
      • ๐ŸนSemaphore: Missing Smart Contract Range Check
      • ๐Ÿ”ซZk-Kit: Missing Smart Contract Range Check
      • ๐Ÿค–Aztec 2.0: Missing Bit Length Check / Nondeterministic Nullifier
      • โธ๏ธAztec Plonk Verifier: 0 Bug
      • ๐Ÿช‚0xPARC StealthDrop: Nondeterministic Nullifier
      • ๐Ÿ˜จa16z ZkDrops: Missing Nullifier Range Check
      • ๐ŸคซMACI 1.0: Under-constrained Circuit
      • โ„๏ธBulletproofs Paper: Frozen Heart
      • ๐Ÿ”๏ธPlonK: Frozen Heart
      • ๐Ÿ’คZcash: Trusted Setup Leak
      • ๐Ÿšจ14. MiMC Hash: Assigned but not Constrained
      • ๐Ÿš”PSE & Scroll zkEVM: Missing Overflow Constraint
      • โžก๏ธPSE & Scroll zkEVM: Missing Constraint
      • ๐ŸคจDusk Network: Missing Blinding Factors
      • ๐ŸŒƒEY Nightfall: Missing Nullifier Range Check
      • ๐ŸŽ†Summa: Unconstrained Constants Assignemnt
      • ๐Ÿ“ŒPolygon zkEVM: Missing Remainder Constraint
    • ๐Ÿ’ฟZK Security Resources
  • ๐ŸคTutorial 17 DEX's (Decentralized Exchanges)
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“šUnderstanding Decentralized Exchanges
    • ๐Ÿ’€Common Vulnerabilities in DEX Code
      • ๐Ÿ”ŽThe "Lack of Slippage Check" Vulnerability in Automated Market Makers (AMMs) a
      • ๐Ÿ˜กOn-Chain Slippage Calculations Vulnerability
      • ๐Ÿ“›Slippage tolerance vulnerability
      • ๐Ÿ˜ตHow Pool Implementation Mismatches Pose a Security Risk to Decentralized Exchanges (DEXs)
      • ๐ŸŠโ€โ™‚๏ธVulnerabilities in Initial Pool Creation - Liquidity Manipulation Attacks
      • ๐Ÿ›‘Vulnerabilities In Oracle Implementations
        • โš–๏ธNewly Registered Assets Skew Consultation Results
        • โšกFlash-Loan Oracle Manipulations
        • โ›“๏ธRelying Only On Chainlink: PriceOracle Does Not Filter Price Feed Outliers
        • โœ๏ธNot Validating Return Data e.g Chainlink: (lastestRoundData)
        • ๐Ÿ—ฏ๏ธChainlink: Using latestAnswer instead of latestRoundData
        • ๐Ÿ˜ญReliance On Fetching Oracle Functionality
        • ๐ŸŽฑWrong Assumption of 18 decimals
        • ๐Ÿง€Stale Prices
        • 0๏ธโƒฃOracle Price Returning 0
        • ๐Ÿ›ถTWAP Oracles
        • ๐Ÿ˜–Wrong Token Order In Return Value
        • ๐Ÿ—๏ธmiscellaneous
      • ๐ŸฅถMinting and Burning Liquidity Pool Tokens
      • ๐ŸŽซMissing Checks
      • ๐Ÿ”ž18 Decimal Assumption
        • ๐Ÿ“ŒUnderstanding ERC20 Decimals
        • ๐Ÿ’€Examples Of Vulnerabilities To Do With Assuming 18 Decimals
      • ๐Ÿ›ฃ๏ธIncorrect Swap Path
      • The Importance of Deadline Checks in Swaps
    • ๐ŸคConclusion
  • ๐Ÿค–Tutorial 18: Proxies
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“ฅEthereum Storage and Memory
    • ๐Ÿ“ฒEthereum Calls and Delegate Calls
    • ๐Ÿ’ชUpgradability Patterns in Ethereum: Enhancing Smart Contracts Over Time
    • ๐Ÿ”Proxy Upgrade Pattern in Ethereum
    • ๐ŸŒ€Exploring the Landscape of Ethereum Proxies
      • ๐ŸชžTransparent Proxies
      • โฌ†๏ธUUPS Proxies
      • ๐Ÿ’กBeacon Proxies
      • ๐Ÿ’ŽDiamond Proxies
  • ๐Ÿ”žTutorial 19: 18 Decimal Assumption
    • ๐Ÿš€Prerequisites
    • ๐Ÿ“ŒUnderstanding ERC20 Decimals
    • ๐Ÿ’€Examples Of Vulnerabilities To Do With Assuming 18 Decimals
    • ๐ŸคConclusion
  • โž—Tutorial 20: Arithmetic
    • ๐Ÿš€Prerequisites
    • ๐Ÿ•ณ๏ธArithmetic pitfall 1: Division by 0
    • ๐Ÿ”ชArithmetic pitfall 2: Precision Loss Due To Rounding
    • ๐ŸฅธArithmetic pitfall 3: Erroneous Calculations
    • ๐ŸคConclusion
  • ๐Ÿ”Tutorial 21: Unbounded Loops
    • ๐Ÿš€Prerequisites
    • โ›ฝGas Limit Vulnerability
    • ๐Ÿ“จTransaction Failures Within Loops
    • ๐ŸคConclusion
  • ๐Ÿ“”Tutorial 22: `isContract`
    • ๐Ÿš€Prerequisites
    • ๐Ÿ’€Understanding the 'isContract()` vulnerability
    • ๐ŸคConclusion
  • ๐Ÿ’ตTutorial 23: Staking
    • ๐Ÿš€Prerequisites
    • ๐Ÿ’€First Depositor Inflation Attack in Staking Contracts
    • ๐ŸŒช๏ธFront-Running Rebase Attack (Stepwise Jump in Rewards)
    • โ™จ๏ธRugability of a Poorly Implemented recoverERC20 Function in Staking Contracts
    • ๐Ÿ˜ General Considerations for ERC777 Reentrancy Vulnerabilities
    • ๐ŸฅVulnerability: _lpToken and Reward Token Confusion in Staking Contracts
    • ๐ŸŒŠSlippage Checks
    • ๐ŸŒฝThe Harvest Functionality in Vaults: Issues and Best Practices
  • โ›“๏ธTutorial 24: Chain Re-org Vulnerability
    • ๐Ÿš€Prerequisites
    • โ™ป๏ธChain Reorganization (Re-org) Vulnerability
    • ๐Ÿง‘โ€โš–๏ธChain Re-org Vulnerability in Governance Voting Mechanisms
  • ๐ŸŒ‰Tutorial 25: Cross Chain Bridges Vulnerabilities
    • ๐Ÿš€Prerequisites
    • โ™ป๏ธERC777 Bridge Vulnerability: Reentrancy Attack in Token Accounting
      • ๐Ÿ›‘Vulnerability: Withdrawals Can Be Locked Forever If Recipient Is a Contract
    • ๐Ÿ‘›The Dangers of Not Using SafeERC20 for Token Transfers
    • Uninitialized Variable Vulnerability in Upgradeable Smart Contracts
    • Unsafe External Calls and Their Vulnerabilities
    • Signature Replay Attacks in Cross-Chain Protocols
  • ๐ŸšฐTutorial 26: Integer Underflow and Overflow Vulnerabilities in Solidity (Before 0.8.0)
    • ๐Ÿš€Prerequisites
    • ๐Ÿ’€Understanding Integer Underflow and Overflow Vulnerabilities
    • ๐ŸคConclusion
  • ๐ŸฅTutorial 27: OpenZeppelin Vulnerabilities
    • ๐Ÿš€Prerequisites
    • ๐Ÿ›ฃ๏ธA Guide on Vulnerability Awareness and Management
      • ๐ŸคConclusion
  • ๐Ÿ–Š๏ธTutorial 28: Signature Vulnerabilities / Replays
    • ๐Ÿš€Prerequisites
    • ๐Ÿ”Reusing EIP-712 Signatures in Private Sales
    • ๐Ÿ”Replay Attacks on Failed Transactions
    • ๐Ÿ“ƒImproper Token Validation in Permit Signature
  • ๐ŸคTutorial 29: Solmate Vulnerabilities
    • ๐Ÿ”Lack of Code Size Check in Token Transfer Functions in Solmate
  • ๐ŸงฑTutorial 30: Inconsistent block lengths across chains
    • ๐Ÿ•›Incorrect Assumptions about Block Number in Multi-Chain Deployments
  • ๐Ÿ’‰Tutorial 31: NFT JSON and XSS injection
    • ๐Ÿ“œVulnerability: JSON Injection in tokenURI Functions
    • ๐Ÿ“Cross-Site Scripting (XSS) Vulnerability via SVG Construction in Smart Contracts
  • ๐ŸƒTutorial 32: Merkle Leafs
    • ๐Ÿ–ฅ๏ธMisuse of Merkle Leaf Nodes
  • 0๏ธTutorial 33: Layer 0
    • ๐Ÿ“ฉLack of Force Resume in LayerZero Integrations
    • โ›ฝLayerZero-Specific Vulnerabilities in Airdropped Gas and Failure Handling
    • ๐Ÿ”“Understanding the Vulnerability of Blocking LayerZero Channels
    • ๐Ÿ–Š๏ธCopy of Understanding the Vulnerability of Blocking LayerZero Channels
  • โ™ป๏ธTutorial 34: Forgetting to Update the Global State in Smart Contracts
  • โ€ผ๏ธTutorial 35: Wrong Function Signature
  • ๐Ÿ›‘Tutorial 36: Handling Edge Cases of Banned Addresses in DeFi
  • Tutorial 37: initializer and onlyInitializing
  • โž—Tutorial 38: Eigen Layer
    • ๐Ÿ“ฉDenial of Service in NodeDelegator Due to EigenLayer's maxPerDeposit Check
    • ๐Ÿ“ˆIncorrect Share Issuance Due to Strategy Updates in EigenLayer Integrations
    • ๐Ÿ”nonReentrant Vulnerability in EigenLayer Withdrawals
  • โšซTutorial 39: Wormhole
    • ๐Ÿ“ฉProposal Execution Failure Due to Guardian Set Change
  • ๐Ÿ’ผTutorial 40: Uniswap V3
    • ๐Ÿ“ฉUnderstanding and Mitigating Partial Swaps in Uniswap V3
    • ๐ŸŒŠUnderflow Vulnerability in Uniswap V3 Position Fee Growth Calculations
    • โž—Handling Decimal Discrepancies in Uniswap V3 Price Calculations
  • ๐Ÿ”ขTutorial 41: Multiple Token Addresses in Proxied Tokens
    • ๐Ÿ”“Understanding Vulnerabilities Arising from Tokens with Multiple Entry Points
  • ๐Ÿค–Tutorial 42: abiDecoder v2
    • ๐ŸฅฅVulnerabilities from Manipulated Token Interactions Using ABI Decoding
  • โ“Tutorial 43: On-Chain Randomness
    • Vulnerabilities in On-Chain Randomness and How It Can Be Exploited
  • ๐Ÿ˜–Tutorial 44: Weird ERC20 Tokens
    • Weird Token List
  • ๐Ÿ”จTutorial 45: Hardcoded stable coin values
  • โค๏ธTutorial 46: The Risks of Chainlink Heartbeat Discrepancies in Smart Contracts
  • ๐Ÿ‘ฃTutorial 47: The Risk of Forgetting a Withdrawal Mechanism in Smart Contracts
  • ๐Ÿ’ปTutorial 48: Governance and Voting
    • Flash Loan Voting Exploit
    • Exploiting Self-Delegation
    • ๐Ÿ’ฐMissing payable Keyword in Governance Execute Function
    • ๐Ÿ‘ŠVoting Multiple Times by Shifting Delegation
    • ๐Ÿ‘Missing Duplicate Veto Check
  • ๐Ÿ“•Tutorial 49: Not Conforming To EIP standards
    • ๐Ÿ’ŽUnderstanding EIP-2981: NFT Royalty Standard
    • ๐Ÿ‘Improper Implementation of EIP-2612 Permit Standard
    • ๐Ÿ”Vulnerabilities of Missing EIP-155 Replay Attack Protection
    • โžก๏ธVulnerabilities Due to Missing EIP-1967 in Proxy Contracts
    • ๐Ÿ”“Vulnerability of Design Preventing EIP-165 Extensibility
    • ๐ŸŽŸ๏ธThe Dangers of Not Properly Implementing ERC-4626 in Yield Vaults
    • ๐Ÿ”EIP-712 Implementation and Replay Attacks
  • โณTutorial 50: Vesting
    • ๐Ÿš”Vulnerability of Allowing Unauthorized Withdrawals in Vesting Contracts
    • ๐Ÿ‘ŠVulnerability of Unbounded Timelock Loops in Vesting Contracts
    • โฌ†๏ธVulnerability of Incorrect Linear Vesting Calculations
    • โ›ณMissing hasStarted Modifier
    • ๐Ÿ”“Vulnerability in Bond Depositor's Vesting Period Reset
  • โ›ฝTutorial 51: Ethereum's 63/64 Gas Rule
    • ๐Ÿ›ข๏ธAbusing Ethereum's 63/64 Gas Rule to Manipulate Contract Behavior
  • ๐Ÿ“ฉTutorial 52: NPM Dependency Confusion and Unclaimed Packages
    • ๐Ÿ’ŽExploiting Unclaimed NPM Packages and Scopes
  • ๐ŸŽˆTutorial 53: Airdrops
    • ๐Ÿ›„Claiming on Behalf of Other Users
    • ๐ŸงฒRepeated Airdrop Claims Vulnerability
    • ๐ŸƒAirdrop Vulnerability โ€“ Merkle Leaves and Parent Node Hash Collisions
  • ๐ŸŽฏTutorial 54: Precision
    • ๐ŸŽVulnerabilities Due to Insufficient Precision in Reward Calculations
    • Min-Shares: Fixed Minimum Share Values for Tokens with Low Decimal Precision
    • Vulnerability Due to Incorrect Rounding When the Numerator is Not a Multiple of the Denominator
    • Vulnerability from Small Deposits Being Rounded Down to Zero Shares in Smart Contracts
    • Precision Loss During Withdrawals from Vaults Can Block Token Transfers Due to Value < Amount
    • 18 Decimal Assumption Scaling: Loss of Precision in Asset Conversion Due to Incorrect Scaling
  • Tutorial 55: AssetIn == AssetOut, FromToken == ToToken
    • ๐Ÿ–ผ๏ธVulnerability: Missing fromToken != toToken Check
  • ๐ŸšฟTutorial 56: Vulnerabilities Related to LP Tokens Being the Same as Reward Tokens
    • ๐Ÿ–ผ๏ธVulnerabilities Caused by LP Tokens Being the Same as Reward Tokens
  • Tutorial 57: Unsanitized SWAP Paths and Arbitrary Contract Call Vulnerabilities
    • ๐Ÿ“ฒArbitrary Contract Calls from Unsanitized Paths
  • Tutorial 58: The Risk of Infinite Approvals and Arbitrary Contract Calls
    • ๐ŸชฃExploiting Infinite Approvals and Arbitrary Contract Calls
  • Tutorial 59: Low-Level Calls in Solidity Returning True for Non-Existent Contracts
    • Low-Level Calls Returning True for Non-Existent Contracts
  • 0๏ธโƒฃTutorial 60: The Impact of PUSH0 and the Shanghai Hardfork on Cross-Chain Deployments > 0.8.20
    • PUSH0 and Cross-Chain Compatibility Challenges
  • ๐ŸTutorial 61: Vyper Vulnerable Versions
    • Vyper and the EVM
  • โŒจ๏ธTutorial 62: Typos in Smart Contracts โ€” The Silent Threat Leading to Interface Mismatch
    • Vyper and the EVM
  • โ˜๏ธTutorial 63: Balance Check Using ==
    • The Vulnerability: == Balance Check
  • ๐Ÿ’Tutorial 64: Equal Royalties for Unequal NFTs
    • Understanding the Problem: Equal Royalties for Unequal NFTs
  • ๐Ÿ–ผ๏ธTutorial 65: ERC721 and NFTs
    • The Risk of Using transferFrom Instead of safeTransferFrom in ERC721 Projects
    • โ„๏ธWhy _safeMint Should Be Used Instead of _mint in ERC721 Projects
    • The Importance of Validating Token Types in Smart Contracts
    • ๐Ÿ“ฌImplementing ERC721TokenReceiver to Handle ERC721 Safe Transfers
    • NFT Implementation Deviating from ERC721 Standard in Transfer Functions
    • NFT Approval Persistence after Transfer
    • ๐ŸŽฎGameable NFT Launches through Pseudo-Randomness
    • 2๏ธโƒฃProtecting Buyers from Losing Funds Due to Claimed NFT Rewards on Secondary Markets
    • โ™ป๏ธPreventing Reentrancy When Using SafeERC721
    • ๐Ÿ–Š๏ธPreventing Re-use of EIP-712 Signatures in NFT Private Sales
  • 2๏ธโƒฃTutorial 66: Vulnerability Arising from NFTs Supporting Both ERC721 and ERC1155 Standards
  • ๐Ÿ“ทTutorial 67: ERC1155 Vulnerabilities
    • โ™ป๏ธPreventing Reentrancy in OpenZeppelin's SafeERC1155
    • ๐Ÿ›ซVulnerabilities in OpenZeppelin's ERC1155Supply Contract
    • Understanding Incorrect Token Owner Enumeration in ERC1155Enumerable
    • Avoiding Breaking ERC1155 Composability with Improper safeTransferFrom Implementation
    • ๐Ÿ’Ensuring Compatibility with EIP-2981 in ERC1155 Contracts
  • ๐ŸชŸInformational Vulnerabilities
  • โ›ฝGas Efficiency
  • ๐Ÿ’ปAutomation Tools
  • ๐Ÿ”œOut Of Gas (Coming Soon)
  • ๐Ÿ”œDEX Aggregators (Coming Soon)
  • ๐Ÿ”œBribes (Coming Soon)
  • ๐Ÿ”œUnderstanding Compiled Bytecode (coming soon)
  • ๐Ÿ”œDeployment Mistakes (coming soon)
  • ๐Ÿ”œOptimistic Roll-ups (coming soon)
  • ๐Ÿ”œTypos (coming soon)
  • ๐Ÿ”œTry-Catch (coming soon)
  • ๐Ÿ”œNFT Market-place (coming soon)
  • ๐Ÿ”œUpgrade-able Contracts (coming soon)
Powered by GitBook
On this page

Automation Tools

PreviousGas EfficiencyNextOut Of Gas (Coming Soon)

Last updated 7 months ago

๐Ÿ’ป
Book an audit with Zokyo
https://zokyo-auditing-tutorials.gitbook.io/zokyo-automated-tools/