Confidence: 100%
Detect whether the attackers can steal ETH / native tokens from the contract.
Example:
function buggy() public {
payable(msg.sender).transfer(1 ether);
}
Confidence: 100%
Detect whether the attackers can steal ERC20 / ERC721 tokens from the contract, determined by the positive earnings of the attackers. The earning is calculated by liquidating the token on related Uniswap V2 pairs.
Example:
function buggy() public {
// the price of tokenAddr2 is higher than tokenAddr1
SomeToken(tokenAddr1).transferFrom(msg.sender, address(this), 1000);
SomeToken(tokenAddr2).transfer(msg.sender, 1000);
}
Confidence: Medium
Identify misuse of Uniswap pair that could lead to price manipulation attacks.
Example:
function buggy() public {
burn(IUniswapPair(pairAddr), 1000000);
}
Confidence: 100%
Detect whether the contract can be selfdestructed by anyone.
Example:
function buggy() public {
selfdestruct(msg.sender);
}
Confidence: Low
Detect whether the contract add / multiply / subtract leading to overflow and underflow.
Example:
function buggy() public {
return type(uint256).max * 2;
}