Smart Contract Security Basics Quiz

A reentrancy attack occurs when a smart contract allows an external call to another contract that can invoke the original function again before its state has been updated. This can lead to unintended consequences, such as draining funds, as the state remains unchanged during the recursive call, allowing the attacker to exploit the contract's logic.

All listed options represent critical vulnerabilities in Solidity. Integer overflow and underflow can lead to unexpected behavior in calculations. Unchecked external calls can allow for reentrancy attacks, compromising contract integrity. Misusing visibility modifiers can expose functions to unintended access. Therefore, all these vulnerabilities are significant risks in smart contract development.

The 'checks-effects-interactions' pattern helps prevent reentrancy vulnerabilities by ensuring that contract state changes (effects) are completed before any external calls (interactions) are made. This sequence mitigates the risk of a malicious contract re-entering the function and manipulating the contract's state before it can be properly updated, thus enhancing security.

Using block.timestamp in smart contract logic can lead to vulnerabilities because miners can influence the timestamp of a block they mine. This allows them to manipulate the contract's behavior by setting timestamps to their advantage, potentially leading to unfair outcomes or exploitation of the contract's rules.

Fallback functions are special functions in Ethereum smart contracts that allow the contract to execute code when it receives Ether or when a function call does not match any existing function. They enable external code execution during a transaction, facilitating interactions with the contract without needing a specific function to be called.

Formal verification in smart contracts aims to ensure that the contract behaves as intended by mathematically proving the correctness of its logic. This process helps identify and eliminate potential vulnerabilities or errors, thereby enhancing the reliability and security of the contract before deployment.

An unchecked call to an external contract may lead to a silent failure because if the external contract call fails, it does not revert the transaction or provide an error message. This can result in unexpected behavior, as the calling contract continues executing without recognizing that the intended operation did not succeed.

Missing function visibility modifiers and improper role-based access control both lead to vulnerabilities that allow unauthorized users to access sensitive functions. Without proper visibility, functions may be accessible when they shouldn't be, and inadequate role management can permit users to perform actions beyond their intended permissions, compromising system security.

The SafeMath library is designed to prevent arithmetic overflow and underflow in smart contracts by providing safe mathematical operations. This ensures that calculations do not exceed the maximum or minimum limits of the data type, thereby avoiding potential vulnerabilities that could lead to unexpected behaviors or security issues in the contract's execution.

The 'delegatecall' opcode allows a contract to execute code from another contract while maintaining the original contract's context. This can lead to vulnerabilities, as the called contract can manipulate the state and storage of the caller, potentially compromising security and leading to unintended consequences if not used carefully.

Trusting user input without validation is a significant security risk in smart contract development. It can lead to vulnerabilities such as injection attacks or unexpected behavior, as malicious users could exploit unchecked inputs. Best practices emphasize the importance of validating all inputs to ensure the integrity and security of the contract.

A 'pull over push' payment pattern enhances security by allowing recipients to withdraw funds rather than having senders push payments. This approach mitigates the risk of reentrancy attacks, where malicious contracts can exploit the transfer process, and reduces the likelihood of failed transfers, ensuring safer and more reliable transactions in smart contracts.