🔓 Smart Contract Vulnerabilities

Comprehensive guides on common vulnerabilities found in smart contracts. Learn how attacks work and how to protect your protocols.

All Vulnerabilities

Complete list of vulnerability guides

beginner | high

Access Control Vulnerabilities

Common access control mistakes that lead to unauthorized function calls and privilege escalation.

Access Control, Authorization, Modifiers
7 min read | Dec 10, 2024

beginner | high

Integer Overflow & Underflow

How arithmetic bugs can break your contract logic and why Solidity 0.8+ changed everything.

Arithmetic, SafeMath, Solidity 0.8
6 min read | Dec 8, 2024

advanced | critical

Oracle Manipulation Attacks

How attackers exploit price oracles and the importance of using TWAP and decentralized oracle networks.

Oracles, Chainlink, TWAP
12 min read | Dec 5, 2024

intermediate | medium

Front-Running & MEV

Understanding transaction ordering attacks, sandwich attacks, and MEV protection strategies.

MEV, Front-Running, Sandwich Attack
9 min read | Dec 3, 2024

intermediate | medium

Denial of Service (DoS) Attacks

How gas limits, unbounded loops, and external calls can be exploited to halt your contract.

DoS, Gas Limit, Loops
8 min read | Nov 30, 2024

intermediate | high

Signature Replay Attacks

Why signatures need nonces and domain separators, and how to implement EIP-712 correctly.

Signatures, EIP-712, Replay Attack
10 min read | Nov 28, 2024

advanced | critical

Storage Collision in Proxies

Understanding storage layout issues in upgradeable contracts and how to avoid them.

Proxy, Upgradeable, Storage
11 min read | Nov 25, 2024

beginner | medium

Unchecked Return Values

Why ignoring return values from external calls can lead to silent failures and fund losses.

Return Values, External Calls, Error Handling
5 min read | Nov 22, 2024

beginner | low

Timestamp Manipulation

The risks of using block.timestamp for critical logic and safer alternatives.

Timestamp, Block Variables, Randomness
5 min read | Nov 20, 2024

beginner | high

tx.origin Phishing

Why using tx.origin for authentication is dangerous and how it enables phishing attacks.

tx.origin, Phishing, Authentication
4 min read | Nov 18, 2024