These are attacks that are no longer possible due to changes in the protocol or improvements to Solidity. They are recorded here for posterity and awareness.
Call Depth Attack (deprecated)
Constantinople Reentrancy Attack
On January 16th, 2019, the Constantinople protocol upgrade was delayed due to a security vulnerability enabled by EIP 1283. EIP 1283, "Net gas metering for SSTORE without dirty maps", proposes changes to reduce excessive gas costs on dirty storage writes.
This change led to the possibility of a new reentrancy vector, making previously known secure withdrawal patterns (.transfer()) unsafe in specific situations where the attacker could hijack the control flow and use the remaining gas enabled by EIP 1283, leading to vulnerabilities due to reentrancy.
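
The gas arithmetic behind this, as an added example that is not part of the original page: a model of SSTORE pricing before and under EIP 1283, checked against the 2300-gas stipend that .transfer() forwards to the recipient. The constants come from the EIP 1283 specification and the EVM call stipend; the function names and sample slot values are constructed for illustration, and refunds are left out.

```python
# Gas constants (EIP 1283 specification and the EVM call stipend).
SSTORE_SET = 20000    # zero -> non-zero
SSTORE_RESET = 5000   # any other write before EIP 1283; first change of a non-zero slot under it
SSTORE_DIRTY = 200    # EIP 1283 only: no-op write, or slot already changed in this transaction
CALL_STIPEND = 2300   # gas the recipient of .transfer() receives


def sstore_legacy(current: int, new: int) -> int:
    """Pre-EIP-1283 cost: depends only on the current and new values."""
    return SSTORE_SET if current == 0 and new != 0 else SSTORE_RESET


def sstore_eip1283(original: int, current: int, new: int) -> int:
    """EIP 1283 cost; `original` is the slot value at the start of the transaction."""
    if current == new:        # no-op write
        return SSTORE_DIRTY
    if original == current:   # first change to this slot in the transaction
        return SSTORE_SET if original == 0 else SSTORE_RESET
    return SSTORE_DIRTY       # dirty slot: already modified earlier in this transaction


def fits_in_stipend(cost: int) -> bool:
    """True if a callee holding only the stipend could pay for this write.
    Ignores the few gas units spent on the surrounding opcodes."""
    return cost <= CALL_STIPEND


# Constructed scenarios: (label, original, current, new) for a write made by the callee.
SCENARIOS = [
    ("clean slot, 0 -> 1", 0, 0, 1),
    ("clean slot, 5 -> 7", 5, 5, 7),
    ("dirty slot, 5 -> 6 earlier in tx, now -> 7", 5, 6, 7),
    ("dirty slot, 5 -> 6 earlier in tx, now back to 5", 5, 6, 5),
]


def compare(scenarios):
    """Return (label, writable before EIP 1283, writable under EIP 1283) per scenario."""
    return [
        (label, fits_in_stipend(sstore_legacy(cur, new)),
         fits_in_stipend(sstore_eip1283(orig, cur, new)))
        for label, orig, cur, new in scenarios
    ]


if __name__ == "__main__":
    for label, before, after in compare(SCENARIOS):
        print(f"{label:50s} before EIP 1283: {before!s:5}  under EIP 1283: {after}")
```

Before the change no storage write fits in the stipend, which is why .transfer() was treated as safe against reentrancy; under EIP 1283 a write to a slot already modified in the same transaction does fit.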