CBSE - Certified Blockchain Security Expert Smart Contract Vulnerabilities Questions and Answers

Question 1

A smart contract function updates a user's balance after making an external call to an untrusted address. Which vulnerability is most likely to be exploited in this scenario?

Accepted Answer

Reentrancy

Answer

Integer Overflow

Answer

Timestamp Dependency

Answer

Gas Limit DoS

Question 2

A DeFi lending platform uses `block.timestamp` to determine when a user's locked assets can be withdrawn. A miner with significant hash power successfully manipulates the timestamps of the blocks they mine. Which of the following vulnerabilities are they exploiting?

Accepted Answer

Timestamp Dependency

Answer

Front-Running

Answer

Access Control Violation

Answer

Integer Underflow

Question 3

A developer is creating an ERC-20 token contract using Solidity version 0.7.0. The `transfer` function subtracts the amount from the sender's balance without using a safe math library. What vulnerability could a user with a balance of 100 tokens exploit if they try to transfer 110 tokens?

Accepted Answer

Integer Underflow

Answer

Reentrancy

Answer

Short Address Attack

Answer

Denial of Service

Question 4

An attacker observes a large buy order for a specific token in the mempool of a decentralized exchange. They quickly submit their own buy order for the same token with a higher gas fee, followed immediately by a sell order. What is this type of attack called?

Accepted Answer

Front-Running (Sandwich Attack)

Answer

Timestamp Dependency

Answer

Integer Overflow

Answer

Unchecked External Call

Question 5

A smart contract for a decentralized lottery game uses the `blockhash` of a future block as a source of randomness to determine the winner. Why is this a potential vulnerability?

Accepted Answer

A miner can withhold a block if they don't like the outcome, re-mining for a favorable hash.

Answer

The blockhash function is computationally expensive and will lead to a DoS.

Answer

Blockhashes are not unique and can cause collisions in the winner selection.

Answer

This will cause an integer overflow when converting the hash to a number.

Question 6

Which of the following describes a Denial of Service (DoS) vulnerability caused by an unbounded loop in a smart contract function that distributes rewards to a list of users?

Accepted Answer

The function's gas cost grows with the number of users, eventually exceeding the block gas limit and becoming impossible to execute.

Answer

An attacker repeatedly calls the function to drain its ether balance through reentrancy.

Answer

A malicious user provides a malformed address that causes the external call to fail, reverting the entire transaction.

Answer

The contract relies on a manipulatable timestamp, allowing an attacker to claim rewards indefinitely.