The attacker scans a smart contract (a software program on a blockchain) to find vulnerabilities to exploit. A good example of an exploit based on a vulnerability within a smart contract is “The DAO” hack (see https://www.coindesk.com/learn/2016/06/25/understanding-the-dao-attack/), which happened on 18th June 2016 and ended with a hard fork of the Ethereum blockchain. The attacker drained more than 3.6 million Ether from the DAO into a “child DAO” with the same structure as “The DAO”. A DAO is a Decentralized Autonomous Organization where the rules and decision-making techniques of an organization are coded in a smart contract to create a decentralized structure without the control of institutional parties. Another example is the Nomad Bridge drain, where the developers allowed root messages starting with 0x00. Attackers could use that issue to drain the bridge by finding a single transaction which worked, replacing the original user’s address with another one and re-broadcasting it (see https://mobile.twitter.com/samczsun/status/1554252024723546112?s=21).
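A simplified Python model of the Nomad issue described above, added here as an illustration and not taken from the bridge's code: a message that was never proven reads back as the zero root, so an inbox that treats the zero root as confirmed accepts it. The class names, `commit` (a stand-in for a Merkle root) and the sample messages are assumptions made for this example.

```python
import hashlib

ZERO_ROOT = bytes(32)  # value an unset storage slot reads back as

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def commit(leaves):
    """Stand-in for a Merkle root: one hash over all message hashes."""
    return h(b"".join(leaves))

class WeakInbox:
    """Simplified model: the zero root was marked as confirmed at setup."""
    def __init__(self):
        self.confirmed = {ZERO_ROOT}   # the weak setting
        self.proven_under = {}         # message hash -> root it was proven against
        self.processed = set()

    def acceptable_root(self, root):
        return root in self.confirmed

    def prove(self, message, leaves):
        root = commit(leaves)
        if h(message) in leaves and root in self.confirmed:
            self.proven_under[h(message)] = root
            return True
        return False

    def process(self, message):
        mh = h(message)
        root = self.proven_under.get(mh, ZERO_ROOT)  # never proven -> zero root
        if mh in self.processed or not self.acceptable_root(root):
            return False
        self.processed.add(mh)
        return True

class HardenedInbox(WeakInbox):
    def __init__(self):
        super().__init__()
        self.confirmed = set()         # the zero root is never trusted

    def acceptable_root(self, root):
        return root != ZERO_ROOT and root in self.confirmed

def run(inbox):
    genuine = b"to=0xAAAA;amount=100"    # constructed sample message
    altered = b"to=0xBBBB;amount=100"    # recipient swapped, never proven
    leaves = [h(genuine)]
    inbox.confirmed.add(commit(leaves))  # root attested through the normal path
    inbox.prove(genuine, leaves)
    return inbox.process(genuine), inbox.process(altered)
```

`run(WeakInbox())` accepts both messages, while `run(HardenedInbox())` accepts only the proven one; a test of this shape belongs in the pre-launch audit named in M01.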
Sub techniques (0)
| ID | Name |
|----|------|
| -- | -- |
| ID | Mitigation | Description |
|----|------------|-------------|
| M01 | Audit | DAO projects should commission audits before the go-live of their smart contracts. |
| M02 | Check smart contract | Investors with an affinity for technology should check the lines of code of the smart contract on their own before investing. |