Dust Attack Explained in Detail
A dust attack introduces tiny balances or positions the protocol did not expect. The dust may be ETH, ERC20 units, shares, liquidity, or debt.
Small amounts can matter when code assumes exact balances, clean zero states, or no unsolicited transfers.
Smart contract example
require(address(this).balance == accountedBalance);
This check can be broken if ETH is forced into the contract: the real balance then exceeds accountedBalance and the require reverts.
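The exact-balance check above, placed in a minimal vault next to a tolerant version, as an added example that is not code from the original page. The contract names, the credit mapping, the treasury address, and sweepSurplus() are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Before: exact-balance invariant. Neither contract has receive(), but ETH can
// still be forced in; then balance > accountedBalance and withdraw() reverts.
contract StrictVault {
    uint256 public accountedBalance;
    mapping(address => uint256) public credit;
    function deposit() external payable {
        credit[msg.sender] += msg.value;
        accountedBalance += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(address(this).balance == accountedBalance, "balance mismatch");
        credit[msg.sender] -= amount; // reverts on underflow in 0.8+
        accountedBalance -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// After: internal accounting is the source of truth. The raw balance only has
// to cover it, so unsolicited dust becomes surplus instead of a lockup.
contract TolerantVault {
    uint256 public accountedBalance;
    mapping(address => uint256) public credit;
    address public immutable treasury; // assumption: designated surplus recipient
    constructor(address treasury_) { treasury = treasury_; }

    function deposit() external payable {
        credit[msg.sender] += msg.value;
        accountedBalance += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(address(this).balance >= accountedBalance, "underfunded");
        credit[msg.sender] -= amount;
        accountedBalance -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Anything above accounted funds (forced or donated ETH) is swept out.
    function sweepSurplus() external {
        uint256 surplus = address(this).balance - accountedBalance;
        (bool ok, ) = treasury.call{value: surplus}("");
        require(ok, "sweep failed");
    }
}
```

In review, the same comparison applies to ERC20 balances: the question is whether any path compares a raw balance to internal accounting with equality instead of treating the excess as surplus.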
Dust Attack in Auditing
Dust can break exact-balance invariants, affect share math, keep positions alive, or trigger rounding losses. It is often cheap for attackers to try.
Auditors test one-wei and one-unit edge cases intentionally.
Red flags in code
- Contract balance must equal internal accounting exactly.
- Raw token balance is trusted as managed assets.
- No minimum deposit, share, debt, or liquidity size.
- Cleanup paths fail when tiny residual amounts remain.
- Vault math is sensitive to direct donations.
How to test or review it
- Transfer 1 wei or 1 token unit directly to the contract.
- Force ETH into the contract where relevant.
- Test deposit, withdraw, repay, close, and liquidation around zero and one unit.
- Check whether dust can grow arrays or block cleanup.
- Review donation attack and rounding paths together.
Keep learning this topic
Dust Position
A dust position is a very small residual balance, debt, share amount, liquidity amount, or collateral amount left after protocol actions.
Donation Attack
A donation attack manipulates protocol accounting by transferring tokens directly to a contract without using the intended deposit path.
Precision Loss
Precision loss happens when integer arithmetic drops fractional value during division, scaling, or fixed-point conversions.