Smart Contracts (EVM)

IDE for Smart Contracts
Guidelines and training materials to write secure smart contracts
Ethereum opcodes and instruction reference
Smart Contract Audit Reports

Functions

Difference between CALL, CALLCODE and DELEGATECALL

CALL: Calls a function at another contract address. msg.sender is the immediate caller (the parent in the call stack) and tx.origin is the account at the top of the call stack. The called code can only access the called (leaf) contract's own storage.

CALLCODE (Deprecated): Has access to the original contract’s storage.

DELEGATECALL: Allows a contract to call another contract's code while accessing and modifying the storage of the original contract.
- This is used in proxy calls, where the main contract calls the current implementation of the contract but still has access to the original storage.

Vulnerabilities

Phishing tx.origin

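If a call passes through a malicious contract, that contract may be able to call the original (targeted) contract.
If this happens, tx.origin is unchanged: it is still the account at the top of the call stack, the one that started the transaction, not the malicious contract. This means that if there is an owner() check that compares tx.origin with the address that deployed the contract, the check passes for the call made by the malicious contract, which can then modify the targeted contract as the owner.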
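
An added example, not code from the original page: the owner check written with tx.origin beside the same check written with msg.sender. The contract names and the withdrawAll function are hypothetical and chosen only for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example: owner check based on tx.origin (the weak form).
contract OriginGuardedVault {
    address public immutable owner;

    constructor() payable {
        owner = msg.sender; // the account that deployed the contract
    }

    receive() external payable {}

    function withdrawAll(address payable to) external {
        // tx.origin is the account that signed the transaction and keeps the
        // same value in every nested call. If the owner's transaction reaches
        // this function through another contract, the check still passes.
        require(tx.origin == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

/// Constructed example: the same vault with the check on msg.sender.
contract SenderGuardedVault {
    address public immutable owner;

    constructor() payable {
        owner = msg.sender;
    }

    receive() external payable {}

    function withdrawAll(address payable to) external {
        // msg.sender is the immediate caller of this call frame. When the
        // call arrives through an intermediate contract, msg.sender is that
        // contract's address, so the check fails and the call reverts.
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

When reviewing a contract, any tx.origin comparison used for authorization is the pattern to flag.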

Gas Drain EVM Attack

If no limit is placed on function calls, a contract's ETH can be wasted on gas-heavy instructions. This can break the smart contract, because the money in the contract is eaten up by fees.