Smart Contract Security
A standardized database of common Cardano smart contract vulnerabilities. Use this as a reference when building and auditing dApps.
Vulnerability Database
| Vulnerability | Identifier | Description |
|---|---|---|
| Double Satisfaction | double-satisfaction | Multiple UTxOs in one transaction - each validator sees the same outputs, so one payment satisfies all of them |
| Missing UTxO Authentication | missing-utxo-authentication | Anyone can create UTxOs at script addresses - without authentication (validity tokens), can't distinguish legitimate from fake |
| Time Handling | time-handling | Validators only see time intervals, not exact timestamps - incorrect bound handling enables time manipulation |
| Token Security | token-security | Native tokens, validation tokens, dust attacks, and execution limit exploits |
| Unbounded Value | unbounded-value | Unlimited tokens in UTxO cause size/execution limit failures - funds become unspendable |
| Unbounded Datum | unbounded-datum | Datum growing without limits eventually exceeds resource constraints |
| Unbounded Inputs | unbounded-inputs | Too many UTxOs required simultaneously hits transaction size/resource limits |
| Other Redeemer | other-redeemer | Logic expecting specific redeemer bypassed by using different redeemer on same script |
| Other Token Name | other-token-name | Minting policies not checking all token names allow unintended tokens under same policy ID |
| Arbitrary Datum | arbitrary-datum | Not validating datum when locking allows invalid data causing spend failures |
| UTxO Contention | utxo-contention | Shared global state creates contention when multiple users access same UTxO |
| Cheap Spam | cheap-spam | Low-cost spam actions stall legitimate protocol operations |
| Insufficient Staking Control | insufficient-staking-control | Missing staking credential checks allow reward redirection |
| Locked Value | locked-value | Permanent value locking - consider economic tradeoffs |
Learn By Doing
Cardano CTF - Interactive security game where you exploit vulnerable contracts.
Sources
Content for reference:
- MLabs - Formal vulnerability framework
- Invariant0 - In-depth security analysis
- Mesh - Code examples