Chapter 15 Quiz: Smart Contract Security
Question 1
What is the fundamental reason reentrancy attacks are possible in Solidity?
A) The Solidity compiler has a bug that allows recursive function calls. B) When a contract sends ETH to another contract, the recipient's code executes before the sender's function completes, allowing the recipient to call back into the sender. C) The Ethereum Virtual Machine does not support mutex locks. D) Mapping data structures in Solidity are inherently vulnerable to concurrent access.
Answer: B. Reentrancy occurs because external calls (such as sending ETH) transfer execution control to the recipient contract, which can then call back into the sender before the sender's function has finished executing. This is a fundamental property of how the EVM handles external calls, not a compiler bug.
Question 2
The checks-effects-interactions (CEI) pattern prevents reentrancy by:
A) Encrypting all external calls so they cannot be intercepted.
B) Limiting the gas available for external calls to prevent recursive calls.
C) Updating all state variables before making external calls, so reentrant calls see the already-updated state.
D) Requiring all functions to be marked as view or pure.
Answer: C. The CEI pattern structures functions so that state updates (effects) occur before external calls (interactions). If an attacker re-enters the contract, the state has already been updated (e.g., the balance has already been set to zero), so the reentrant call fails its checks.
Question 3
What makes flash loan attacks unique compared to traditional financial attacks?
A) They require the attacker to have good credit history. B) They allow anyone to temporarily control massive amounts of capital (millions or billions) for the cost of a transaction fee, with zero collateral. C) They can only be executed by validators who produce blocks. D) They require the attacker to hold the borrowed funds for at least 24 hours.
Answer: B. Flash loans are uncollateralized loans that must be repaid within a single transaction. Because of blockchain atomicity, the lender takes no risk (the transaction reverts if not repaid). This means anyone can temporarily access unlimited capital, breaking assumptions that many protocols make about who can be a "whale."
Question 4
A DeFi protocol uses the spot price from a single Uniswap pool as its price oracle. Which of the following is the PRIMARY risk?
A) Uniswap might go offline, leaving the protocol without price data. B) An attacker can use a flash loan to make a large trade that manipulates the spot price, exploit the victim protocol using the distorted price, and reverse the trade — all in one transaction. C) The Uniswap pool might run out of liquidity. D) Uniswap prices are always delayed by at least one block.
Answer: B. On-chain spot prices from a single DEX pool can be manipulated by anyone with sufficient capital (which flash loans provide for free). This is the classic oracle manipulation attack pattern described in Section 15.3.
Question 5
The Parity wallet hack resulted in $150 million being permanently frozen because:
A) The private keys were lost in a server crash.
B) A user called selfdestruct on the shared library contract that all Parity wallets depended on for their logic, rendering every wallet non-functional.
C) The Ethereum network was congested and transactions could not be processed.
D) A hard fork was required but the community voted against it.
Answer: B. The Parity wallet library contract was deployed as an uninitialized wallet. A user called initWallet() to become its owner, then called kill() which executed selfdestruct on the library. Since all Parity multi-sig wallets delegated their logic to this library, they all became permanently non-functional.
Question 6
In the context of MEV, what is a "sandwich attack"?
A) An attack where the attacker places a transaction both before AND after a victim's DEX trade, profiting from the price impact. B) An attack where the attacker uses two different protocols simultaneously. C) An attack where three different contracts are exploited in sequence. D) An attack where the attacker intercepts and modifies a victim's transaction.
Answer: A. A sandwich attack involves front-running the victim's trade (buying before them to push the price up), letting the victim trade at the worse price, then back-running (selling at the elevated price). The victim's transaction is "sandwiched" between the attacker's two transactions.
Question 7
Which automated security tool uses symbolic execution to explore all possible execution paths through a smart contract?
A) Slither B) Echidna C) Mythril D) Certora Prover
Answer: C. Mythril uses symbolic execution, treating inputs as symbolic variables and using a constraint solver (Z3) to determine which inputs can reach each code path. Slither uses static analysis, Echidna uses property-based fuzzing, and Certora uses formal verification with SMT solvers.
Question 8
Why can't smart contract bugs be patched after deployment (without using proxy patterns)?
A) The Ethereum Foundation prohibits code changes after deployment. B) Smart contract bytecode on the blockchain is immutable — once deployed, the code at that address cannot be modified. C) Changing deployed code would require all validators to agree unanimously. D) The gas cost of modifying deployed code is prohibitively expensive.
Answer: B. Smart contracts are deployed as bytecode to a specific address on the blockchain. This bytecode is immutable — it cannot be changed by anyone, including the deployer. This is a fundamental design property of the EVM. Proxy patterns (upgradeable contracts) work around this by delegating logic to a separate implementation contract that can be swapped, but the proxy contract's own code remains immutable.
Question 9
A smart contract audit report classifies a finding as "Critical." What does this severity level typically indicate?
A) The code has style issues that should be cleaned up. B) There is a direct path to loss of funds or permanent freezing of funds. C) The contract uses slightly more gas than optimal. D) The contract's documentation does not match its behavior.
Answer: B. In standard audit severity classifications, "Critical" indicates a direct and immediate risk of fund loss or permanent fund freezing. This is the highest severity and requires fixing before deployment. Lower severities (High, Medium, Low, Informational) represent progressively less severe issues.
Question 10
Which of the following is NOT a valid defense against flash loan governance attacks?
A) Snapshot-based voting (using token balances from a past block number). B) Timelock on proposal execution (48-hour delay between approval and execution). C) Requiring token holders to stake tokens for a minimum period before gaining voting power. D) Increasing the gas limit for governance transactions.
Answer: D. Increasing the gas limit has no effect on flash loan attacks. Snapshot voting (A) prevents flash-borrowed tokens from counting because they did not exist at the snapshot block. Timelocks (B) prevent same-transaction proposal execution. Staking requirements (C) prevent temporary token holders from voting. All three are valid defenses.
Question 11
In the context of smart contract security, what is "defense in depth"?
A) Writing longer Solidity functions that check more conditions. B) Deploying contracts on multiple blockchains simultaneously. C) Using multiple overlapping security mechanisms so that the failure of any single defense does not result in a vulnerability. D) Hiring multiple audit firms to review the same code.
Answer: C. Defense in depth means layering multiple security mechanisms (e.g., checks-effects-interactions pattern AND a reentrancy guard AND formal verification of the no-reentrancy property). Each layer addresses the potential failure of the layers below it. While hiring multiple auditors (D) is good practice, defense in depth specifically refers to the architectural principle of overlapping technical defenses.
Question 12
What was the outcome of The DAO hack in terms of Ethereum governance?
A) The Ethereum Foundation deployed a patch that fixed the vulnerability. B) The community executed a hard fork to reverse the theft, but a minority continued the original chain as Ethereum Classic. C) The attacker was identified and returned the funds voluntarily. D) The funds were permanently lost and no action was taken.
Answer: B. The Ethereum community chose to hard fork the chain at block 1,920,000 to move the stolen 3.6 million ETH to a recovery contract. The majority adopted the fork (retaining the name Ethereum), but a minority refused and continued the original chain as Ethereum Classic (ETC), arguing that immutability should not be violated.
Question 13
Read-only reentrancy is particularly dangerous because:
A) It cannot be detected by any automated tools. B) It exploits view functions that return stale data during a state transition, causing dependent protocols to make decisions based on incorrect information. C) It does not require the attacker to make any transactions. D) It bypasses the ReentrancyGuard modifier entirely because view functions do not modify state.
Answer: B. Read-only reentrancy occurs when an attacker re-enters a view function during a state transition. The view function returns data that does not reflect the in-progress state change. If another protocol reads this view function to make decisions (such as calculating a price), it uses stale/incorrect data. While (D) is partially true (ReentrancyGuard only blocks state-modifying reentrancy), the core danger is stale data affecting dependent protocols.
Question 14
Which of the following correctly orders the phases of a systematic smart contract audit?
A) Automated analysis, manual review, specification review, testing, reporting B) Specification review, architecture analysis, automated analysis, manual review, testing, reporting C) Manual review, automated analysis, specification review, reporting, testing D) Testing, automated analysis, manual review, specification review, reporting
Answer: B. The systematic audit process starts with understanding what the contract should do (specification review), mapping the system architecture, running automated tools to catch low-hanging fruit, conducting thorough manual line-by-line review, writing proof-of-concept exploits for discovered vulnerabilities (testing), and finally compiling findings into a report.
Question 15
Why is tx.origin dangerous for authentication in smart contracts?
A) It returns a random value each time it is called.
B) It returns the address of the original externally owned account that initiated the transaction, so a malicious intermediary contract can trick the target into thinking it is being called directly by the user.
C) It costs significantly more gas than msg.sender.
D) It was deprecated in Solidity 0.8.0 and no longer compiles.
Answer: B. tx.origin always returns the EOA that started the transaction chain, regardless of how many contracts are in between. An attacker can create a contract that tricks a user into calling it, and that contract then calls the target. The target sees tx.origin as the user's address and grants access. Using msg.sender instead checks the immediate caller, which would be the attacker's intermediary contract.