-
Notifications
You must be signed in to change notification settings - Fork 350
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Import not-so-smart-contracts #146
base: master
Are you sure you want to change the base?
Conversation
- DAO - Integer overflow
- missing constructor - unprotected function - wrong interface Add DAO and Paritity Wallet source code
We don't use the word 'vulerability' in the other titles; it is assumed
Initial work on #4
Start on #5
However I am told that in the 60's there was a Fortan compiler used developed Brooklyn NY, that accepted INTERGER any place INTEGER was expected. This was touted as an early innovation in user-friendliness.
albeit with numerous warnings. Add a solidity pragma.
bohendo seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
I'm unfamiliar with CLA. If I need to clobber the contributions by offlinemark, perks, rocky, and lojikil and rewrite those commits to be authored by myself, lmk & I can figure that out. |
Overall I am not sure we should import the git history and the whole repo. Not so smart contract hasnt been updated in years, and as a result it's really not up to date. I think we should start by picking the ones that are still true, PR38, and probably a couple of issues highlighted in slither private detectors |
I like importing git history like this because it preserves contribution history &
This isn't the only one that's not an issue if a modern solidity compiler is used. In these cases, would you recommend adding a mention of which solidity versions are vulnerable or removing these items entirely?
Agreed that adding more content to this section is worthwhile, but IMO that's out of scope for this particular PR. Let's focus first on what should NOT be imported before we start considering what additional content would help make this section great. |
Update: I've given this whole thing a thorough editing pass. All solidity examples have been linted & reformatted & upgraded to the latest solidity version in which the issue is still applicable (mostly 0.8.x except for integer overflows & honeypots) For very old issues, the This all fits together nicely now IMO: most of these examples are targeting people developing new contracts so issues with ancient versions of solc aren't so important. But honeypots are adversarial & will use whichever version of solc suits their purposes so using those as a gallery of historical solc issues makes sense. I'm very happy with the honeypot page now: I used some in-line html to hide the description of each trap description giving the reader a chance to browse the intro + contract source before revealing what the trap is. |
What is the status of this? Should we have another review? |
This is on hold. Nsc for solidity is outdated and need a refresher |
This PR imports all content (including the git history) from crytic/not-so-smart-contracts and places it in the
not-so-smart-contracts/solidity
directory.Important note: none of the PRs to crytic/not-so-smart-contracts have been imported but, if/when this PR gets merged, I'll help import whichever PRs are worth importing (3 of 6 PRs are >2 years old so probably not worth it but tbd).