-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Review and update for underhanded contest results #102
Comments
@shayanb I wonder if the issues items we added for this might have been a better fit for their own section, or perhaps simply being linked to. They are much more involved to describe... |
@maurelian What do you have in mind for "their own section"? I was thinking of having a CTF samples section to have these in there, maybe even link Steve's twitch solutions in the same page. but it might not get the point across as possible attack vectors. |
Yes, Something like CTF samples makes more sense, as the USCC was kind of a CTF design competition in some sense. The point is that these sneaky design patterns are very hard to distil into a single recommendation or known attack. It might even be better just to describe them very briefly and link elsewhere. |
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/cea931b36466b4202927adad7072669a030290d3/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/4e532f9c9afe661318da2c1e97a1605fde7a5349/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/cea931b36466b4202927adad7072669a030290d3/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/cea931b36466b4202927adad7072669a030290d3/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/cea931b36466b4202927adad7072669a030290d3/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/cea931b36466b4202927adad7072669a030290d3/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I'm slowly adding in topics and lessons learned from the [USCC](https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1) as per Consensys/smart-contract-best-practices#102. This pull request includes documentation of built-in shadowing and fallback function bypassing. Forced sending of ether to a contract is briefly mentioned in [Recommendations](https://github.com/ConsenSys/smart-contract-best-practices/blob/cea931b36466b4202927adad7072669a030290d3/docs/recommendations.md), although this addition expands on possible attack surfaces. Feedback is welcome.
I think there are some novel items in here that we need to incorporate, but I haven't look at all of them yet.
https://medium.com/@chriseth/lessons-learnt-from-the-underhanded-solidity-contest-8388960e09b1
https://github.com/Arachnid/uscc/tree/master/submissions-2017/
https://medium.com/@weka/announcing-the-winners-of-the-first-underhanded-solidity-coding-contest-282563a87079
The text was updated successfully, but these errors were encountered: