Smart contracts are unforgiving: the code is public, you usually cannot patch it after deployment, and it controls funds directly. This section breaks the code-level vulnerabilities (reentrancy, integer overflow, access control, delegatecall) and the economic attacks (flash loans, oracle manipulation, front-running, rug pulls) into plain-language explainers, each ending with how an audit catches the issue before it ships.
Topics
- What is a Smart Contract Audit?: how a security review of on-chain code works and what it covers.
- What is Smart Contract Security?: why on-chain code is uniquely unforgiving, and the main classes of bugs.
Key vulnerabilities explained
Plain-language definitions of the bugs and attacks smart contract audits look for. Each page covers what it is, how the attack works, a code example, and how to defend.
Code-level vulnerabilities
- What is a reentrancy attack?
- What is integer overflow and underflow?
- What is an access control vulnerability?
- What is a delegatecall vulnerability?
- What is an unchecked external call?
- What is tx.origin authentication?
- What is a proxy storage collision?
Economic and protocol attacks
How to read this section
The pages split into two families.
- Code-level vulnerabilities: bugs in the contract logic itself: reentrancy, integer overflow and underflow, access control, delegatecall, unchecked external calls, tx.origin authentication, and proxy storage collisions.
- Economic and protocol attacks: abuses of how the protocol and the wider DeFi ecosystem behave: flash loans, oracle manipulation, front-running and MEV, rug pulls, signature replay, and denial of service.
Each explainer ends with how a smart contract audit catches the issue before the code is deployed and irreversible.