Are you a security researcher looking to join a world-class team? Apply to open positions at Guardian here: https://guardianaudits.com

Interested in getting hands-on training to become an expert security researcher in a matter of months? Get the guide to becoming a senior auditor in 6 months here: https://www.intogateway.com/guide

Looking for a Smart Contract Audit? Apply to work with the Guardian team on our website: https://guardianaudits.com

Join our community aimed at building and sharing a wealth of blockchain and solidity knowledge to help developers/auditors of all levels transform the web3 ecosystem: https://lab.guardianaudits.com/

If you're still not 100% confident in your web3 auditing skills, I collaborated with several other top security professionals in the space to bring you the most comprehensive & effective web3 security course ever! You can take $50 off using my link here: https://smartcontractshacking.com/?referral=owen

Yul & Memory Intro | Yul Exploit!: https://youtu.be/9qLUvtL5uKQ

00:00 - Intro
02:52 - #1 Deleting structs does not delete containing mappings or lists
04:53 - #2 Immutable values are not maintained on upgrade
05:41 - #3 Subtractions that underflow & revert
07:02 - #4 Downcasting can still overflow
07:50 - #5 Not having a withdraw method for received ether
08:58 - #6 Parallel data structures
11:28 - #7 Typos
12:15 - #8 Mstore does not update the free memory pointer
12:51 - #9 Using transfer or send
13:19 - #10 Division symbols
14:15 - #11 Handling units wrong
15:09 - #12 Assuming every contract can accept ether/tokens
15:51 - #13 Loading in the return value of .call
17:00 - #14 Using for-loops to push rather than pull
18:31 - #15 Using msg.value in a loop
20:11 - #16 Decoding arbitrary bytes that can come from an untrusted address
21:16 - #17 Tx.origin used for authentication
21:51 - #18 Correctly validating the freshness of prices
22:52 - #19 Fee-on-transfer tokens
23:54 - #20 Off by one errors
25:07 - #21 Chain compatibility
27:14 - Get a free quote
28:13 - Join the Solidity lab
