
Skill Guide

Common smart contract vulnerability taxonomy (reentrancy, flash loan attacks, oracle manipulation, access control flaws)

A systematic classification of the most common and critical attack vectors in Ethereum Virtual Machine (EVM) smart contracts, focusing on the four pillars: reentrancy, flash loan attacks, oracle manipulation, and access control flaws.

This skill is foundational for blockchain security auditors and DeFi protocol developers, directly preventing catastrophic financial losses and reputational damage. It translates directly to protocol resilience, user fund safety, and the long-term viability of decentralized applications.

How to Learn Common smart contract vulnerability taxonomy (reentrancy, flash loan attacks, oracle manipulation, access control flaws)

Begin by mastering the core mechanics of the Ethereum Virtual Machine (EVM) and Solidity, focusing on the execution model and state variables. Study the official documentation for OpenZeppelin's Contracts library to understand standard security patterns like ReentrancyGuard and Ownable. Complete introductory Capture The Ether or Ethernaut levels targeting simple reentrancy and access control vulnerabilities.
Analyze real-world post-mortems of exploited protocols (e.g., The DAO, bZx, Harvest Finance) to deconstruct the attack flow. Practice performing manual code reviews using a checklist based on the SWC Registry (Smart Contract Weakness Classification). Build a personal library of test cases using Hardhat or Foundry that specifically target these four vulnerability classes.
Design and architect complex, multi-protocol systems where these vulnerabilities can emerge through cross-contract interactions and economic incentives. Develop automated detection heuristics for tools like Slither or Mythril, focusing on novel attack patterns. Mentor junior auditors by walking them through your own audit reports, explaining your threat modeling and prioritization methodology.

Practice Projects

Beginner
Project

Vulnerable Contract Deconstruction

Scenario

You are provided with the source code of a simplified, vulnerable Vault contract that is susceptible to a classic reentrancy attack.

How to Execute
1. Deploy the contract to a local Hardhat/Foundry testnet.
2. Write a test that demonstrates a successful reentrancy attack by creating a malicious contract that calls back into the Vault's withdraw function.
3. Implement the Checks-Effects-Interactions pattern to fix the vulnerability and verify the attack now fails.
Intermediate
Project

Flash Loan Attack Simulation

Scenario

You must audit a novel lending protocol that uses a spot price oracle from a single decentralized exchange (DEX) for collateral valuation.

How to Execute
1. Use a tool like Brownie or Foundry to script a flash loan from Aave or dYdX.
2. Write a contract that uses the borrowed funds to manipulate the price on the target DEX within the same transaction.
3. Demonstrate the manipulation allows you to borrow an excessive amount of collateral from the lending protocol.
4. Propose a mitigation, such as using a Time-Weighted Average Price (TWAP) oracle.
Advanced
Project

Cross-Protocol Threat Model & Audit

Scenario

Audit a new yield-aggregator protocol that stakes user funds into multiple underlying DeFi protocols, each with its own governance and upgrade mechanisms.

How to Execute
1. Map all external contract calls and trust boundaries.
2. Identify all privileged roles (admin, governor) and the access control flaws that could lead to a rug-pull or malicious upgrade.
3. Model economic attack vectors where flash loans could be used to manipulate the governance of one underlying protocol to attack the aggregator.
4. Deliver a prioritized report with fix recommendations and severity scores.

Tools & Frameworks

Security Analysis & Testing Frameworks

Foundry/Forge, Slither, Mythril

Foundry is the primary development and testing environment for writing and running exploit PoCs. Slither is a static analyzer for automated vulnerability detection. Mythril performs symbolic execution for deeper analysis. Use them in sequence: Slither for quick scans, Mythril for complex path exploration, and Foundry for manual testing and exploit development.

Vulnerability Reference & Education

SWC Registry, Ethernaut & Capture The Ether, Rekt.news

The SWC Registry provides a canonical taxonomy with IDs for every weakness type. Ethernaut and Capture The Ether offer hands-on, interactive lessons. Rekt.news is essential reading for understanding real-world exploit mechanics and economic impact.

Interview Questions

Answer Strategy

The answer must demonstrate a process, not just definitions. A strong candidate will describe a multi-step approach: 1) Manual review using the Checks-Effects-Interactions pattern as a mental model, 2) Running Slither with specific detectors (e.g., reentrancy-eth, reentrancy-no-eth), 3) Writing Foundry fuzz tests that attempt reentrant calls, 4) Considering cross-function and cross-contract reentrancy, not just simple single-function reentrancy.

Answer Strategy

Tests understanding of economic attack surfaces. A good answer will: 1) Clearly state the attack involves using a flash loan to skew the pool's reserves, 2) Explain that the manipulated spot price can be used to drain the protocol via under-collateralized borrowing, 3) Propose a concrete mitigation like switching to a TWAP oracle from Uniswap V3 or using a Chainlink price feed.
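The spot-versus-TWAP contrast behind the Intermediate project's mitigation step and this answer strategy, as an added Solidity example that is not part of the original guide. It assumes a Uniswap V2-style pair interface (getReserves, price0CumulativeLast); CollateralOracle, WINDOW and the function names are constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed: the DEX is a Uniswap V2-style pair exposing reserves and a
// UQ112x112 cumulative price accumulator (price0CumulativeLast).
interface IPairLike {
    function getReserves() external view returns (uint112, uint112, uint32);
    function price0CumulativeLast() external view returns (uint256);
}

contract CollateralOracle {
    IPairLike public immutable pair;
    uint32 public constant WINDOW = 30 minutes;
    uint256 public priceCumulativeLast;
    uint32 public timestampLast;
    uint256 public price0Average; // UQ112x112, token1 per token0

    constructor(IPairLike p) {
        pair = p;
        priceCumulativeLast = p.price0CumulativeLast();
        (, , timestampLast) = p.getReserves();
    }

    // WEAK: spot price straight from reserves. A flash loan can skew the
    // reserves inside the same transaction, so a valuation built on this
    // value can be moved arbitrarily for one block. Shown for contrast only.
    function spotPrice0() external view returns (uint256) {
        (uint112 r0, uint112 r1, ) = pair.getReserves();
        return (uint256(r1) * 1e18) / r0;
    }

    // CORRECTED: refresh the time-weighted average once a full window has
    // passed; a one-block reserve skew moves it by only ~blocktime/WINDOW.
    // The pair's accumulator advances only when the pair is touched, so a
    // production oracle extrapolates to block.timestamp (UniswapV2OracleLibrary).
    function update() external {
        uint256 cumulative = pair.price0CumulativeLast();
        (, , uint32 ts) = pair.getReserves();
        uint32 elapsed;
        unchecked { elapsed = ts - timestampLast; } // uint32 wrap intended
        require(elapsed >= WINDOW, "window not elapsed");
        unchecked { price0Average = (cumulative - priceCumulativeLast) / elapsed; }
        (priceCumulativeLast, timestampLast) = (cumulative, ts);
    }
    // token1 amount owed for `amount0` of token0 at the averaged price
    function consult(uint256 amount0) external view returns (uint256) {
        return (price0Average * amount0) >> 112;
    }
}
```

A lending protocol that values collateral through consult() rather than spotPrice0() forces an attacker to hold the skewed price across the whole WINDOW, which a single flash-loan transaction cannot do.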
