Smart Contract Attacks Library
Explore our comprehensive collection of smart contract vulnerabilities, attack vectors, and security exploits. Master the techniques used by hackers and auditors alike.
Editorial intro: this library is continuously updated with exploitation patterns, historical context, and prevention guidance for Solidity teams. Last updated Apr 03, 2026.
Attack Classes
Access Control Attacks
Access control vulnerabilities are the single most devastating category of smart contract exploits in blockchain history. Ranked #1 on the OWASP Sm...
Arithmetic Overflows & Underflows
Integer overflow and underflow attacks have drained over $1 billion from Decentralized Finance (DeFi) protocols and web3 projects. In April 2018, a...
Delegatecall & Call Injection Attacks
The Parity Wallet hack didn't just freeze $150 million—it proved that a single vulnerability can permanently destroy an entire protocol. In Novembe...
Flash Loan Attacks
Imagine being able to borrow $100 million from a bank, manipulate a stock price, pocket the profits, and return the original money—all before the b...
Oracle Manipulation & Price Manipulation Attacks
Imagine $34 million vanishing into thin air in just 7 minutes. That's exactly what happened to Harvest Finance on October 26, 2020, exposing one of...
Reentrancy
Reentrancy attacks are, without a doubt, the most notorious and financially devastating smart contract vulnerabilities in blockchain history. If yo...
DAO Governance Attacks
DAO governance attacks are among the most sophisticated exploits in DeFi—and they're only getting more dangerous. From the infamous $182 million Be...
Frontrunning & Sandwich Attacks
Frontrunning attacks exploit the transparent nature of blockchain mempools to steal value from unsuspecting users. Imagine playing a game of poker ...
Phishing Attacks
Let's cut right to the chase: Web3 phishing attacks are the #1 threat in the crypto ecosystem today. While complex smart contract bugs get all the ...
DoS Attacks
Denial of Service (DoS) attacks are the silent assassins of the Web3 world. Forget the flashy, split-second million-dollar heists—DoS vulnerabiliti...
Replay Attacks
Imagine handing someone a signed blank check, expecting them to cash it exactly once. Now imagine they photocopy that exact same check and cash it ...
Self Destruct Attacks
Flashback to November 2017: A curious GitHub user accidentally triggered a few lines of code and essentially froze 513,774 ETH forever—a stash wort...
Sensitive On Chain Data
Every single byte you store on a public blockchain is just that—public. The Solidity keyword probably fools more Web3 developers than any clever ex...
Weak Randomness Attacks
Randomness is the beating heart of Web3 lotteries, NFT minting, gaming, and fair token distributions. But here's the dirty secret about blockchains...
Unchecked Return Value Attacks
Unchecked return values are easily one of the most deceptive vulnerabilities in smart contract development. Your code compiles cleanly, deploys wit...