Solidity/Ethereum vulnerabilities

Ákos Hajdu


This is a supplementary material for the Blockchain Technologies and Applications (VIMIAV17) course at the Budapest University of Technology and Economics.


There is a wide variety of vulnerabilities in blockchain-based infrastructures. The source of vulnerabilities is often the misalignment or the gap between the programmers intent and the actual execution semantics. Vulnerabilities can be categorized by the layer in which they appear. Here we discuss vulnerabilities in the context of Ethereum and Solidity, but most of them can appear in other blockchain infrastructures as well.

Note that Solidity is a rapidly evolving language, and some vulnerabilities are only possible in certain versions. Always be aware of the specifics of the targeted version.

Programming language / contracts

Execution engine

Blockchain and cross-peer protocols

References and further reading

The vulnerabilities were collected and categorized based on the following papers. You can refer to them for more details and examples.

Some further papers:

It is also highly recommended to read about security considerations, common attacks and best practices. There is also a handful of tools targeting the verification of contracts, including Truffle, Securify, MythX, Slither, solc-verify, VerX and VeriSol.