Zokyo Auditing Tutorials

🔐Zokyo Auditing Tutorials
📚Tutorials
💰Tutorial 5: Fee-On-Transfer Tokens
🌴Tutorial 6: Merkle Trees
🌳Tutorial 7: Merkle-Patricia Trees
🔁Tutorial 8: Reentrancy
🔂Tutorial 9: Read-Only Reentrancy
🚆Tutorial 10: ERC20 transfer() and safeTransfer()
📞Tutorial 11: Low level .call(), .transfer() and .send()
☎️Tutorial 12: Delegatecall Vulnerabilities in Precompiled Contracts
🌊Tutorial 13: Liquid Staking
🚿Tutorial 14: Slippage
📉Tutorial 15: Oracles
🧠Tutorial 16: Zero Knowledge (ZK)
🤝Tutorial 17 DEX's (Decentralized Exchanges)
🤖Tutorial 18: Proxies
🔞Tutorial 19: 18 Decimal Assumption
➗Tutorial 20: Arithmetic
🔁Tutorial 21: Unbounded Loops
📔Tutorial 22: `isContract`
💵Tutorial 23: Staking
⛓️Tutorial 24: Chain Re-org Vulnerability
🌉Tutorial 25: Cross Chain Bridges Vulnerabilities
🚰Tutorial 26: Integer Underflow and Overflow Vulnerabilities in Solidity (Before 0.8.0)
🥏Tutorial 27: OpenZeppelin Vulnerabilities
- 🚀Prerequisites
- 🛣️A Guide on Vulnerability Awareness and Management
  - 🤝Conclusion
🖊️Tutorial 28: Signature Vulnerabilities / Replays
🤝Tutorial 29: Solmate Vulnerabilities
- 🔏Lack of Code Size Check in Token Transfer Functions in Solmate
🧱Tutorial 30: Inconsistent block lengths across chains
- 🕛Incorrect Assumptions about Block Number in Multi-Chain Deployments
💉Tutorial 31: NFT JSON and XSS injection
- 📜Vulnerability: JSON Injection in tokenURI Functions
- 📍Cross-Site Scripting (XSS) Vulnerability via SVG Construction in Smart Contracts
🍃Tutorial 32: Merkle Leafs
- 🖥️Misuse of Merkle Leaf Nodes
0️Tutorial 33: Layer 0
♻️Tutorial 34: Forgetting to Update the Global State in Smart Contracts
‼️Tutorial 35: Wrong Function Signature
🛑Tutorial 36: Handling Edge Cases of Banned Addresses in DeFi
Tutorial 37: initializer and onlyInitializing
➗Tutorial 38: Eigen Layer
⚫Tutorial 39: Wormhole
- 📩Proposal Execution Failure Due to Guardian Set Change
💼Tutorial 40: Uniswap V3
🔢Tutorial 41: Multiple Token Addresses in Proxied Tokens
- 🔓Understanding Vulnerabilities Arising from Tokens with Multiple Entry Points
🤖Tutorial 42: abiDecoder v2
- 🥥Vulnerabilities from Manipulated Token Interactions Using ABI Decoding
❓Tutorial 43: On-Chain Randomness
- Vulnerabilities in On-Chain Randomness and How It Can Be Exploited
😖Tutorial 44: Weird ERC20 Tokens
- Weird Token List
🔨Tutorial 45: Hardcoded stable coin values
❤️Tutorial 46: The Risks of Chainlink Heartbeat Discrepancies in Smart Contracts
👣Tutorial 47: The Risk of Forgetting a Withdrawal Mechanism in Smart Contracts
💻Tutorial 48: Governance and Voting
📕Tutorial 49: Not Conforming To EIP standards
⏳Tutorial 50: Vesting
⛽Tutorial 51: Ethereum's 63/64 Gas Rule
- 🛢️Abusing Ethereum's 63/64 Gas Rule to Manipulate Contract Behavior
📩Tutorial 52: NPM Dependency Confusion and Unclaimed Packages
- 💎Exploiting Unclaimed NPM Packages and Scopes
🎈Tutorial 53: Airdrops
🎯Tutorial 54: Precision
Tutorial 55: AssetIn == AssetOut, FromToken == ToToken
- 🖼️Vulnerability: Missing fromToken != toToken Check
🚿Tutorial 56: Vulnerabilities Related to LP Tokens Being the Same as Reward Tokens
- 🖼️Vulnerabilities Caused by LP Tokens Being the Same as Reward Tokens
Tutorial 57: Unsanitized SWAP Paths and Arbitrary Contract Call Vulnerabilities
- 📲Arbitrary Contract Calls from Unsanitized Paths
Tutorial 58: The Risk of Infinite Approvals and Arbitrary Contract Calls
- 🪣Exploiting Infinite Approvals and Arbitrary Contract Calls
Tutorial 59: Low-Level Calls in Solidity Returning True for Non-Existent Contracts
- Low-Level Calls Returning True for Non-Existent Contracts
0️⃣Tutorial 60: The Impact of PUSH0 and the Shanghai Hardfork on Cross-Chain Deployments > 0.8.20
- PUSH0 and Cross-Chain Compatibility Challenges
🐍Tutorial 61: Vyper Vulnerable Versions
- Vyper and the EVM
⌨️Tutorial 62: Typos in Smart Contracts — The Silent Threat Leading to Interface Mismatch
- Vyper and the EVM
☁️Tutorial 63: Balance Check Using ==
- The Vulnerability: == Balance Check
💍Tutorial 64: Equal Royalties for Unequal NFTs
- Understanding the Problem: Equal Royalties for Unequal NFTs
🖼️Tutorial 65: ERC721 and NFTs
2️⃣Tutorial 66: Vulnerability Arising from NFTs Supporting Both ERC721 and ERC1155 Standards
📷Tutorial 67: ERC1155 Vulnerabilities
🪟Informational Vulnerabilities
⛽Gas Efficiency
💻Automation Tools
🔜Out Of Gas (Coming Soon)
🔜DEX Aggregators (Coming Soon)
🔜Bribes (Coming Soon)
🔜Understanding Compiled Bytecode (coming soon)
🔜Deployment Mistakes (coming soon)
🔜Optimistic Roll-ups (coming soon)
🔜Typos (coming soon)
🔜Try-Catch (coming soon)
🔜NFT Market-place (coming soon)
🔜Upgrade-able Contracts (coming soon)

Powered by GitBook

On this page

🔜Typos (coming soon)

PreviousOptimistic Roll-ups (coming soon)NextTry-Catch (coming soon)