Smart Contract Vulnerabilities
Learn about the most common security vulnerabilities in smart contracts, how they work, real-world examples, and how to prevent them.
Reentrancy Attacks
A reentrancy attack occurs when a contract makes an external call before updating its state, allowing the called contract to re-enter the calling function and drain funds.
Access Control Vulnerabilities
Access control vulnerabilities occur when functions lack proper authorization checks, allowing unauthorized users to execute privileged operations like minting tokens or withdrawing funds.
Flash Loan Attack Vectors
Flash loan attacks exploit the ability to borrow massive amounts of capital without collateral in a single transaction, using it to manipulate prices, drain liquidity pools, or exploit protocol logic.
Oracle Manipulation
Oracle manipulation attacks exploit contracts that rely on easily manipulable price data sources, allowing attackers to inflate or deflate asset prices to drain protocol funds.
Integer Overflow / Underflow
Integer overflow and underflow occur when arithmetic operations exceed the maximum or minimum value of a data type, wrapping around and producing unexpected results.
Signature Replay Attacks
Signature replay attacks occur when a valid signed message can be reused to execute the same action multiple times, or across different contracts or chains.
Proxy & Upgradeability Risks
Proxy patterns enable contract upgradeability but introduce risks like storage collisions, uninitialized implementations, and unauthorized upgrades that can compromise the entire protocol.
Token Integration Issues
Token integration issues arise when contracts interact with ERC-20 tokens that deviate from the standard — including fee-on-transfer tokens, rebasing tokens, and tokens with non-standard return values.
Cross-Contract Interaction Bugs
Cross-contract interaction bugs emerge when contracts interact with other protocols in unexpected ways, including callback exploits, composability issues, and trust assumptions about external contracts.
Economic Attack Vectors
Economic attacks exploit the financial logic of DeFi protocols — including sandwich attacks, front-running, MEV extraction, liquidity manipulation, and incentive misalignment.