# Most Common Solidity Vulnerabilities
Smart contract security is paramount. Here are the 10 most frequent vulnerabilities in 2026, with vulnerable code and solutions.
## 1. Reentrancy
Risk: an external call is made before the state update, so the callee can re-enter the function.
```solidity
// ❌ VULNERABLE
function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);
    (bool success,) = msg.sender.call{value: amount}("");
    balances[msg.sender] -= amount; // far too late!
}
```
```solidity
// ✅ SECURE (checks-effects-interactions)
function withdraw(uint amount) public {
    require(balances[msg.sender] >= amount);
    balances[msg.sender] -= amount; // effect first
    (bool success,) = msg.sender.call{value: amount}("");
    require(success);
}
```
## 2. Access Control
Risk: critical functions with no restriction on who may call them.
```solidity
// ❌ VULNERABLE
function mint(address to, uint amount) public {
    balances[to] += amount;
}
```
```solidity
// ✅ SECURE
address public owner;

modifier onlyOwner() {
    require(msg.sender == owner);
    _;
}

function mint(address to, uint amount) public onlyOwner {
    balances[to] += amount;
}
```
## 3. Integer Overflow (pre-0.8.0)
Since Solidity 0.8.0, arithmetic is checked automatically and reverts on overflow. But watch out for `unchecked` blocks, which disable that protection!
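Section 3 has no code on the original page, so the following is an added example (not from the post) contrasting default checked arithmetic with an `unchecked` block, and showing the one idiom where `unchecked` is usually justified. The contract and function names are made up for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical demo contract (added example, not from the original post)
contract UncheckedDemo {
    // Default in 0.8+: checked arithmetic reverts with Panic(0x11) on overflow.
    // checkedAdd(250, 10) reverts instead of returning a wrapped value.
    function checkedAdd(uint8 a, uint8 b) external pure returns (uint8) {
        return a + b;
    }

    // Inside `unchecked`, the same addition wraps silently:
    // uncheckedAdd(250, 10) returns 4 (260 mod 256). This is the pre-0.8.0
    // behaviour the section warns about, reintroduced by hand.
    function uncheckedAdd(uint8 a, uint8 b) external pure returns (uint8) {
        unchecked {
            return a + b;
        }
    }

    // Accepted use: only the loop counter is unchecked. `i` is bounded by
    // xs.length, so it cannot overflow; the accumulation of `total` stays
    // checked because the caller controls the values being summed.
    function sum(uint256[] calldata xs) external pure returns (uint256 total) {
        for (uint256 i = 0; i < xs.length; ) {
            total += xs[i];       // checked: reverts on overflow
            unchecked { ++i; }    // safe: i < xs.length
        }
    }
}
```

When reviewing an `unchecked` block, ask what invariant guarantees the operation cannot overflow; if that invariant depends on user-supplied values, the block is a bug.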
## 4. Timestamp Manipulation
Risk: miners can manipulate `block.timestamp` (by about ±15 seconds), so it must not be used as a source of randomness.
```solidity
// ❌ VULNERABLE when used for randomness
function random() public view returns (uint) {
    return uint(keccak256(abi.encodePacked(block.timestamp)));
}
// ✅ Use an oracle instead (Chainlink VRF)
```
## 5. tx.origin for Auth
Risk: `tx.origin` can be exploited via phishing, because it names the originating EOA rather than the immediate caller.
```solidity
// ❌ VULNERABLE
function withdraw() public {
    require(tx.origin == owner);
    // Phishing possible!
}
```
```solidity
// ✅ SECURE
function withdraw() public {
    require(msg.sender == owner);
}
```
## Conclusion
To detect these vulnerabilities, use Slither, Foundry fuzz testing and professional audits.
Practice with our 60 security challenges on Solingo!