Vulnerability reference
A catalog of common Cardano smart contract vulnerabilities, each linking to a deep dive. Use it as a reference when building and auditing dApps. For the conceptual overview, what the eUTXO model protects you from and the patterns that keep validators safe, start with Smart Contract Security.
Vulnerability catalog
| Vulnerability | Identifier | Description |
|---|---|---|
| Double Satisfaction | double-satisfaction | Multiple UTxOs in one transaction - each validator sees the same outputs, so one payment satisfies all of them |
| Missing UTxO Authentication | missing-utxo-authentication | Anyone can create UTxOs at script addresses - without authentication (validity tokens), can't distinguish legitimate from fake |
| Time Handling | time-handling | Validators only see time intervals, not exact timestamps - incorrect bound handling enables time manipulation |
| Token Security | token-security | Native tokens, validation tokens, dust attacks, and execution limit exploits |
| Unbounded Value | unbounded-value | Unlimited tokens in UTxO cause size/execution limit failures - funds become unspendable |
| Unbounded Datum | unbounded-datum | Datum growing without limits eventually exceeds resource constraints |
| Unbounded Inputs | unbounded-inputs | Too many UTxOs required simultaneously hits transaction size/resource limits |
| Other Redeemer | other-redeemer | Logic expecting specific redeemer bypassed by using different redeemer on same script |
| Other Token Name | other-token-name | Minting policies not checking all token names allow unintended tokens under same policy ID |
| Arbitrary Datum | arbitrary-datum | Not validating datum when locking allows invalid data causing spend failures |
| UTxO Contention | utxo-contention | Shared global state creates contention when multiple users access same UTxO |
| Cheap Spam | cheap-spam | Low-cost spam actions stall legitimate protocol operations |
| Insufficient Staking Control | insufficient-staking-control | Missing staking credential checks allow reward redirection |
| Locked Value | locked-value | Permanent value locking - consider economic tradeoffs |
Practice
Attack these yourself in the Cardano CTF, an interactive security game where you exploit vulnerable contracts.
Sources
Reference material:
- MLabs - Formal vulnerability framework
- Invariant0 - In-depth security analysis
- Mesh - Code examples