Smart Contract Exploits
Smart-contract exploits turn logic mistakes into direct financial loss.
Smart contracts often control assets and are difficult to patch after deployment.
The Intuition
Attackers usually do not break cryptography. They find a path through the contract's own rules that the designer forgot.
See it concretely
A vending machine that refunds before updating its balance can be tricked into refunding repeatedly. That is the intuition behind reentrancy.
Tempting — but wrong
The precise version
Common exploit classes include reentrancy, access-control failures, oracle manipulation, unsafe external calls, delegatecall misuse, upgrade storage collisions, signature replay, initialization bugs, rounding errors, and invariant violations. Defense uses checks-effects-interactions, least privilege, pull payments, circuit breakers, fuzzing, invariant tests, formal verification where appropriate, audits, monitoring, and careful governance.
exploit = reachableBug + valuableState + adversarialPathCheck your understanding
What is reentrancy?
Click to reveal answer
Why are invariants useful?
Click to reveal answer
- Recognize reentrancy and access-control failures.
- Explain checks-effects-interactions.
- Explain oracle and upgrade risks.
- Use testing, fuzzing, auditing, and monitoring as layers.
What is reentrancy?