Smart contract exploits cost the DeFi ecosystem over $1.7 billion in 2024, and losses continued through 2025. The same vulnerability classes keep appearing — not because they're new, but because teams keep deploying without checking for them. Here are the five that matter most.
1. Reentrancy Attacks
Reentrancy is the most frequently exploited vulnerability in DeFi history. An attacker can repeatedly call back into your contract before the first execution finishes, draining funds before balances are updated.
Vulnerable pattern:
function withdraw(uint256 amount) external {
require(balances[msg.sender] >= amount);
(bool ok,) = msg.sender.call{value: amount}(""); // ← external call first
require(ok);
balances[msg.sender] -= amount; // ← state update too late
}
Safe pattern (Checks-Effects-Interactions):
function withdraw(uint256 amount) external {
require(balances[msg.sender] >= amount);
balances[msg.sender] -= amount; // ← update state first
(bool ok,) = msg.sender.call{value: amount}("");
require(ok);
}
Use OpenZeppelin's ReentrancyGuard for an additional layer of protection.
2. Access Control Failures
Missing or misconfigured access controls accounted for the largest losses in 2024 ($953M). Critical functions left unprotected allow anyone to call them directly.
// No access control
function setAdmin(address newAdmin) external {
admin = newAdmin;
}
// Protected
function setAdmin(address newAdmin) external onlyOwner {
admin = newAdmin;
}
Watch out for tx.origin checks — they can be bypassed via a malicious intermediary contract. Always use msg.sender.
3. Flash Loan Price Manipulation
Flash loans allow borrowing large sums within a single transaction. If your protocol reads price from an on-chain AMM spot price, an attacker can manipulate it within that transaction to drain your treasury.
Prevention: Use time-weighted average prices (TWAP) from Uniswap v3, or a decentralized oracle like Chainlink. Single-source spot prices from getReserves() are not safe for use in lending or pricing logic.
4. Integer Overflow / Underflow
Pre-Solidity 0.8.0, arithmetic didn't revert on overflow. Many legacy contracts still run under older compiler versions.
// Solidity < 0.8.0, this wraps to type(uint).max
uint256 balance = 0;
balance -= 1; // underflows silently
Fix: Use Solidity 0.8.x (safe math by default) or OpenZeppelin's SafeMath for older code. If you're maintaining contracts on an older compiler, this should be at the top of your upgrade list.
5. Unprotected Initializers
Upgradeable proxy contracts use initialize() instead of constructor(). If the initializer isn't protected with the initializer modifier, an attacker can re-initialize the contract and take ownership.
// Callable by anyone, anytime
function initialize(address _owner) public {
owner = _owner;
}
// One-time call enforced
function initialize(address _owner) public initializer {
owner = _owner;
}
This has caught out multiple production deployments — the proxy pattern is well understood, but the initialization step is easy to overlook under deployment pressure.
How ContractScan Helps
ContractScan checks for all five of these vulnerability categories. Try the scanner on your next contract before deployment.
Important Notes
This post is for informational and educational purposes only. It does not constitute financial, legal, or investment advice. The security analysis provided is based on available data and automated tools, which may not capture all potential vulnerabilities. Always conduct a professional audit before deploying smart contracts.