Blockchain is a hot topic in the technology world. One of the applications with great impact to different sectors is smart contracts on Ethereum chain. However, there are still various security vulnerabilities in smart contracts. In this project, the aim is to study these security vulnerabilities, and to develop a simple web-based checking tool to detect if such security vulnerabilities exist in smart contracts.
The checking mechanism is bypassed by the the unknown states of contracts. Contract may emptied.
The hacker passes in a shorter address, which is still valid as it is trailed with 0. Then the EVM will fill the missing bytes by 0, which makes the value to transfer larger than expected value.
The hacker writes another contract which will always refuse to receive Ether. When the contract under attack tries to send Ether to it, it will always fail and the later lines are not called, stopping the service to a certain extent.
The hacker can abuse this loophole to claim unauthorized ownership of a contract, which further leads to other dishonest behaviour.
The hacker can forcefully transfer Ether to a contract by self-destorying itself. This can bypass the checking mechanism of contracts' balance.
The value of numerical variables may be out of expectation if unit overflow/ underflow is not properly handled.
Users can upload their smart contracts files to the tool and a brief security report with possible effects and recommended ways to fix is returned for reference after checking.