😈 Vulnerabilities list

Want us to help you understand a smart contract bug classification? Join discord.gg/WaVMpBtxdB.

Logical and Popular

  • Improper Input Validation

  • Incorrect Calculation

  • Weak Access Control

  • Rounding Errors

Reentrancy

  • Reentrancy via Modifier

  • Read-Only Reentrancy

  • Cross-Function Reentrancy

  • Cross-Contract Reentrancy

Front-Running

  • Front-Running - Unprotected withdraw

  • Front-Running - Sandwich attack

  • Front-Running - ERC20 approval

  • Front-Running - Signatures

  • Back-Running

Flash Loan

  • Unprotected Flash Loan

  • Flash-Loan Governance Attack

  • Flash-Loan Price Attack

Old versioned contracts

  • Integer Underflow

  • Integer Overflow

Denial of Service

  • Denial Of Service (DOS) by complex fallback function

  • Denial Of Service (DOS) by gas limit

  • Denial Of Service (DOS) by non-existent address or malicious contract

Unclassified

  • Force Feeding

  • Uninitialized Proxy

  • Floating Point Arithmetic

  • ECDSA Signature malleability

  • ECDSA Signature replay

  • Replay Attack

  • Price Oracle Manipulation

  • Cross-Chain Bridge Manipulation

  • Initial Supply Mint Issue

  • Divide before multiply

  • DeFi Slippage attack

  • Amplification Attack Double Spending

  • Malicious Honeypot

  • Unsafe Delegatecalls

  • Loops Gas Limit

  • Phishing With Improper Authorization

  • Unexpected Ether With Forcibly Sending Ether

  • Block timestamp Manipulation

  • Unchecked return values

  • Insecure Randomness

  • Proxy Storage Collision

  • Strict equalities

  • Timestamp Dependence

  • Use of Deprecated Functions

  • Requirement Validation

  • Absent modifiers

  • Rounding Down To Zero

  • Race Condition

  • Short Address/Parameter Attack

  • Gas Limit Exhaustion

  • Unchecked External Calls

  • Fallback Function Vulnerabilities
