Vulnerability Corpus
A collection of known vulnerabilities and security issues that Starkbiter can help detect and prevent.
Overview
This corpus catalogs common vulnerabilities in smart contracts, particularly in the Starknet/Cairo ecosystem, and demonstrates how Starkbiter can be used to detect them through simulation and testing.
Vulnerability Categories
1. Reentrancy
Description: Attackers exploit function calls that allow external contract calls before state updates.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_reentrancy_vulnerability() { let env = Environment::builder().build().await?; let (victim, attacker) = setup_reentrancy_test(&env).await?; // Attempt reentrancy attack let initial_balance = victim.get_balance().await?; attacker.exploit().await?; let final_balance = victim.get_balance().await?; // Should not allow draining assert_eq!(initial_balance, final_balance); } }
Prevention: Use checks-effects-interactions pattern, reentrancy guards.
2. Integer Overflow/Underflow
Description: Arithmetic operations that exceed type bounds.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_overflow_vulnerability() { let env = Environment::builder().build().await?; let contract = deploy_vulnerable_contract(&env).await?; // Try to overflow let max_value = Felt::from(u128::MAX); let result = contract.add(max_value, Felt::ONE).await; // Should handle overflow safely assert!(result.is_err() || result.unwrap() != Felt::ZERO); } }
Prevention: Use checked arithmetic, Felt type bounds checking.
3. Access Control Issues
Description: Missing or incorrect permission checks.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_access_control() { let env = Environment::builder().build().await?; let owner = env.create_account().await?; let attacker = env.create_account().await?; let contract = deploy_with_owner(&env, &owner).await?; // Attacker tries privileged operation let result = contract.as_account(&attacker).privileged_function().await; // Should be rejected assert!(result.is_err()); } }
Prevention: Implement proper role-based access control.
4. Front-Running
Description: Attackers observe pending transactions and submit competing transactions with higher fees.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_frontrunning_vulnerability() { let env = Environment::builder().build().await?; let world = World::new(env); // Add frontrunner agent world.add_agent(Agent::new("frontrunner", FrontRunnerBehavior)); world.add_agent(Agent::new("victim", VictimBehavior)); world.run_for_blocks(100).await?; // Analyze if frontrunning occurred let metrics = world.get_metrics(); assert!(metrics.frontrunning_detected == false, "Vulnerable to frontrunning"); } }
Prevention: Use commit-reveal schemes, batch auctions.
5. Price Oracle Manipulation
Description: Attackers manipulate price oracles to exploit DeFi protocols.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_oracle_manipulation() { let env = Environment::builder().build().await?; let protocol = deploy_lending_protocol(&env).await?; let pool = deploy_dex_pool(&env).await?; // Take snapshot let snapshot = env.snapshot().await?; // Simulate large trade to manipulate price let whale = create_whale_account(&env).await?; pool.swap(&whale, large_amount).await?; // Try to exploit with manipulated price let profit = protocol.exploit_price_manipulation(&env).await?; // Restore env.restore(snapshot).await?; // Protocol should be resistant assert!(profit == Felt::ZERO, "Vulnerable to oracle manipulation"); } }
Prevention: Use TWAP oracles, multiple oracle sources, sanity checks.
6. Flash Loan Attacks
Description: Attackers use flash loans to manipulate markets or exploit protocols.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_flash_loan_attack() { let env = Environment::builder().build().await?; let world = World::new(env); // Setup protocol and flash loan attacker let protocol = setup_vulnerable_protocol(&world).await?; world.add_agent(Agent::new("attacker", FlashLoanAttacker::new())); let initial_tvl = protocol.get_tvl().await?; world.run_for_blocks(10).await?; let final_tvl = protocol.get_tvl().await?; // TVL should not be drained assert!(final_tvl >= initial_tvl * 99 / 100, "Vulnerable to flash loan attack"); } }
Prevention: Circuit breakers, time delays, borrowing limits.
7. Denial of Service
Description: Attackers prevent legitimate users from using the contract.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_dos_vulnerability() { let env = Environment::builder().build().await?; let contract = deploy_contract(&env).await?; // Attacker fills contract storage let attacker = env.create_account().await?; for i in 0..1000 { contract.add_item(&attacker, i).await?; } // Legitimate user should still be able to interact let user = env.create_account().await?; let result = contract.use_contract(&user).await; assert!(result.is_ok(), "Vulnerable to DoS"); } }
Prevention: Gas limits, rate limiting, bounded iterations.
8. Insufficient Validation
Description: Missing input validation allows invalid states.
Detection with Starkbiter:
#![allow(unused)] fn main() { #[tokio::test] async fn test_validation_vulnerability() { let env = Environment::builder().build().await?; let contract = deploy_contract(&env).await?; // Try invalid inputs let invalid_inputs = vec![ Felt::ZERO, Felt::from(u128::MAX), Felt::from(-1i128), ]; for input in invalid_inputs { let result = contract.process(input).await; assert!(result.is_err(), "Missing validation for: {:?}", input); } } }
Prevention: Comprehensive input validation, require statements.
Using the Corpus
Testing Your Contracts
- Review applicable vulnerability categories
- Implement detection tests for your contract
- Run tests with Starkbiter
- Fix identified issues
- Re-test
Contributing
If you discover a new vulnerability pattern:
- Document the vulnerability
- Create a detection test
- Submit a PR to this corpus
- Include mitigation strategies
Resources
Next Steps
- Testing Strategies - Advanced testing techniques
- Anomaly Detection - Detecting vulnerabilities
- Examples - See detection in action