// the find
crytic/not-so-smart-contracts
Examples of Solidity security issues
A Trail of Bits reference collection of Solidity vulnerability patterns — reentrancy, integer overflow, bad randomness, frontrunning, and a handful of others — each with a minimal example, attack scenario, and real-world contract that had the bug. Aimed at smart contract auditors and developers learning what not to do. The repo has since been folded into the larger building-secure-contracts project.
Real exploit contracts are included alongside the vulnerable code, not just descriptions. The honeypot section is genuinely useful — it shows contracts designed to trap attackers, which teaches a different mental model than just 'here is a bug'. Each entry links to the actual production contract that got exploited, grounding the patterns in history. Trail of Bits authorship means the technical accuracy is high.
Abandoned in 2023 and officially redirected to building-secure-contracts, so anything added to the successor repo won't appear here. Coverage is thin — 11 vulnerability types is a starter list, not a reference. Several patterns are pre-Solidity-0.8 era (integer overflow is a non-issue now that Solidity 0.8 turns on checked arithmetic by default, outside explicit `unchecked` blocks), which means some examples teach you to fear problems that the compiler already solves. No test suite or Foundry/Hardhat setup, so you can't run the exploits without wiring up your own environment.