Cross-Template Constraint Gap
Detects signals wired between template instances where the constraint chain is broken, leaving inter-template data flows unconstrained.
Read MoreKnowledge Base
Security detectors, exploit generators, attack patterns, and remediation guides for EVM, Solana, and Zero-Knowledge smart contracts.
355 Detectors 46 Exploits 5 Attack Patterns 285 Remediation Guides
Zero-Knowledge medium Detector
Constraint Degree Overflow
Detects constraint expressions whose multiplicative degree exceeds the proof system's gate degree, forcing expansion or breaking compilation.
zkmediumstatic-analysisdetector
Read More
Zero-Knowledge critical Detector
Division by Zero Risk
Detects divisions and modulo operations where the divisor has no non-zero binding, yielding undefined witness behaviour exploitable by the prover.
cross-runtimecriticalstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Feedback Loop
Detects circular signal dependencies in circuit constraints that prevent deterministic witness generation.
zkhighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Field Overflow
Detects arithmetic that may wrap the finite field prime, producing field-correct but semantically wrong results for circuits modelling bounded integers.
cross-runtimehighinteger-overflowstatic-analysis
Read More
Zero-Knowledge high Detector
Noir Circuit Detectors
A family of checks for Noir-specific hazards: unconstrained functions, oracle responses, Brillig escapes, and assertion dependencies on mutable state.
cross-runtimehighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Nondeterministic Control Flow
Detects ternary and conditional expressions inside unconstrained assignments, where the prover chooses which branch produces the witness value.
cross-runtimehighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Nondeterministic Witness
Detects nondeterministic operators on the right-hand side of `<--` assignments where no constraint later rebinds the result.
cross-runtimehighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Quadratic Constraint Composition
Detects R1CS quadratic constraints where both multiplicative factors contain only unconstrained signals, breaking proof soundness.
zkhighstatic-analysisdetector
Read More
Zero-Knowledge medium Detector
Missing Range Check
Detects signals consumed by bit-width-sensitive components without a preceding range constraint, enabling silent overflow of comparators and bit decompositions.
cross-runtimemediumstatic-analysisdetector
Read More
Zero-Knowledge medium Detector
Signal Aliasing
Detects redundant equality constraints that create signal aliases without adding security, potentially masking missing constraints.
zkmediumstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Signal as Array Index
Detects array accesses indexed by an unconstrained signal, giving the prover a free choice of which element is read.
cross-runtimehighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Signal Mutation in Loop
Detects self-referential signal mutation inside loops, where prover-controlled iteration counts allow arbitrary final values.
zkhighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Signal Reuse
Detects signals assigned more than once, including silent unconstrained overwrites that bypass constraint generation.
zkhighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Template Misuse
Detects incorrect template instantiation patterns including unused outputs, parameter mismatches, and unconstrained component output reads.
zkhighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Trivial Constraint
Detects tautological constraints that are always satisfied regardless of signal values, providing no security guarantee.
zkhighstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Unchecked Component
Detects component instances whose inputs or outputs are never wired into the enclosing R1CS, leaving the component's internal constraints disconnected from the proof.
cross-runtimehighstatic-analysisdetector
Read More
Zero-Knowledge critical Detector
Unsafe Comparison
Detects comparison operators used in unconstrained assignments, producing prover-controlled boolean values with no verifier check.
zkcriticalstatic-analysisdetector
Read More
Zero-Knowledge medium Detector
Unused Signals
Detects declared signals that never appear in any constraint or assignment, indicating dead code or incomplete circuit logic.
zkmediumstatic-analysisdetector
Read More
Zero-Knowledge high Detector
Witness Complexity
Detects unconstrained witness expressions that combine several nondeterministic operations, where the constraint set is unlikely to fully rebind the result.
cross-runtimehighstatic-analysisdetector
Read More
SVM Remediation
Anchor Constraint Bypass Remediation
How to fix missing or insufficient Anchor account constraints that allow unauthorized account substitution.
svmaccess-control
Read More
SVM Remediation
Clock Account Spoofing Remediation
How to prevent spoofed Clock sysvar accounts from manipulating time-dependent program logic.
svmaccess-control
Read More
SVM Remediation
Integer Overflow (SVM) Remediation
How to fix integer overflow and underflow vulnerabilities in Solana programs.
svminteger-overflow
Read More
SVM Remediation
PDA Seed Collision Remediation
How to prevent PDA seed collisions that allow distinct logical accounts to resolve to the same address.
svmpda-validation
Read More
SVM Remediation
PDA Validation Remediation
How to fix missing PDA address validation that allows attackers to substitute attacker-controlled accounts.
svmpda-validation
Read More
SVM Remediation
Read-Only Reentrancy Remediation
How to prevent read-only reentrancy attacks where stale state is observed mid-CPI.
svmreentrancy
Read More
EVM medium Detector
AA Signature Audit
Detects signature vulnerabilities in account abstraction implementations including missing chain ID, replay across accounts, and malleability.
evmmediumaccess-controlstatic-analysis
Read More
EVM high Detector
AA Storage Access Violations
Detects banned opcodes and storage access violations in ERC-4337 validation phase that cause bundler rejection.
evmhighaccess-controlstatic-analysis
Read More
EVM high Detector
Account Abstraction (ERC-4337)
Detects security issues in ERC-4337 account abstraction implementations including validation phase violations, paymaster abuse, and bundler manipulation.
evmhighaccess-controlstatic-analysis
Read More
EVM medium Detector
Array Deletion Index
Detects unsafe array element deletion that leaves stale indices or gaps, corrupting data structures that depend on contiguous arrays.
evmmediumstatic-analysisdetector
Read More
EVM medium Detector
Array Length Assumption
Detects parallel array operations that assume equal lengths without validation, risking out-of-bounds access or incomplete processing.
evmmediumstatic-analysisdetector
Read More
EVM low Detector
Assembly Analysis
Analyzes inline assembly usage for memory safety violations, missing overflow checks, and incorrect return data handling.
evmlowstatic-analysisdetector
Read More
EVM high Detector
Balance Accounting Mismatch
Detects contracts that assume transfer amounts equal the actual balance change, failing to account for fee-on-transfer, rebasing, or deflationary tokens.
evmhighstatic-analysisdetector
Read More
EVM high Detector
Batch Operation Atomicity
Detects batch operations that lack atomicity guarantees, allowing partial execution failures to leave the contract in an inconsistent state.
evmhighdenial-of-servicestatic-analysis
Read More
EVM medium Detector
Blob Data Dependency
Detects contracts that depend on EIP-4844 blob data availability, which is only guaranteed for a limited time window.
evmmediumstatic-analysisdetector
Read More
EVM medium Detector
Bytecode Size Limit
Detects contracts approaching or exceeding the EIP-170 24KB bytecode size limit, which prevents deployment.
evmmediumgas-optimizationstatic-analysis
Read More
EVM high Detector
Centralization Risks
Detects excessive owner privileges, single points of failure, and centralization patterns that enable rug pulls or administrative abuse.
evmhighaccess-controlstatic-analysis
Read More
EVM medium Detector
Combined Attack Patterns
Detects combinations of individually lower-severity issues that together form exploitable attack chains.
evmmediumstatic-analysisdetector
Read More
EVM medium Detector
Cross-Contract Taint Flow
Detects tainted data flowing from untrusted external calls into security-critical operations like access control checks or transfer amounts.
evmmediumtaint-analysisstatic-analysis
Read More
EVM low Detector
Dead Code
Detects unreachable code paths and unused internal functions that increase bytecode size and may indicate logic errors.
evmlowstatic-analysisdetector
Read More
EVM high Detector
EIP-7702 Delegation
Detects vulnerabilities in EIP-7702 delegation targets where EOAs temporarily delegate to smart contract code.
evmhighaccess-controlstatic-analysis
Read More
EVM high Detector
ERC-1155 Standard Violations
Detects deviations from the ERC-1155 multi-token standard including missing batch transfer callbacks and incorrect event emissions.
evmhighstatic-analysisdetector
Read More
EVM high Detector
ERC-1271 Signature Verification
Detects insecure ERC-1271 contract signature verification including missing magic value checks, reentrancy during verification, and gas griefing.
evmhighaccess-controlstatic-analysis
Read More
EVM high Detector
ERC-165 Interface Spoofing
Detects contracts that falsely claim ERC-165 interface support, enabling type confusion attacks in routers, marketplaces, and bridges.
evmhighstatic-analysisdetector
Read More
EVM low Detector
ERC-20 Standard Violations
Detects deviations from the ERC-20 token standard including missing return values, incorrect event signatures, and non-standard behavior.
evmlowstatic-analysisdetector
Read More
EVM high Detector
ERC-6900 Modular Account
Detects security issues in modular smart account implementations including plugin validation gaps, execution hook bypass, and module isolation failures.
evmhighaccess-controlstatic-analysis
Read More
EVM low Detector
ERC-721 Standard Violations
Detects deviations from the ERC-721 NFT standard including missing safe transfer checks, incorrect event emissions, and enumeration issues.
evmlowstatic-analysisdetector
Read More
EVM medium Detector
Ether Balance Assumption
Detects contracts that assume their ETH balance equals the sum of deposits, ignoring forcibly sent ETH via selfdestruct or coinbase transactions.
evmmediumstatic-analysisdetector
Read More
EVM low Detector
Gas Optimization
Identifies opportunities to reduce gas consumption including storage packing, unnecessary SLOADs, and suboptimal loop patterns.
evmlowgas-optimizationstatic-analysis
Read More
EVM medium Detector
Hardcoded Gas Values
Detects hardcoded gas stipends and gas limits that break when EVM gas costs change across hard forks or L2 environments.
evmmediumgas-optimizationstatic-analysis
Read More
EVM low Detector
Inheritance Order
Detects incorrect C3 linearization order in multiple inheritance that can cause unexpected function resolution and storage layout issues.
evmlowstatic-analysisdetector
Read More
EVM high Detector
L2 Rollup Vulnerabilities
Detects Layer 2-specific vulnerabilities including sequencer dependency, L1-L2 message replay, and gas price oracle manipulation.
evmhighstatic-analysisdetector
Read More
EVM low Detector
Locked Ether
Detects contracts that can receive ETH but have no mechanism to withdraw or transfer it, permanently trapping funds.
evmlowstatic-analysisdetector
Read More
EVM low Detector
Outdated Compiler
Detects contracts compiled with outdated Solidity versions that contain known bugs or miss important safety features.
evmlowstatic-analysisdetector
Read More
EVM medium Detector
Permit Vulnerabilities
Detects ERC-2612 permit implementation issues including front-running, nonce manipulation, and deadline bypass.
evmmediumaccess-controlstatic-analysis
Read More
EVM low Detector
Private Data Exposure
Detects contracts storing sensitive data in private or internal state variables, which remain readable on-chain despite the visibility modifier.
evmlowstatic-analysisdetector
Read More
EVM high Detector
Requirement Violation
Detects functions where require/assert conditions can be violated through specific input combinations or state manipulation.
evmhighstatic-analysisdetector
Read More
EVM medium Detector
Royalty Bypass
Detects NFT marketplace and token contracts where ERC-2981 royalty payments can be circumvented through wrapper contracts or direct transfers.
evmmediumstatic-analysisdetector
Read More
EVM high Detector
Short Address Attack
Detects ERC-20 transfer functions vulnerable to short address attacks where truncated addresses cause the amount parameter to be left-shifted.
evmhighstatic-analysisdetector
Read More
EVM high Detector
Sign Extension Overflow
Detects unsafe sign extension in type conversions between signed and unsigned integers, where negative values become large positive numbers.
evmhighinteger-overflowstatic-analysis
Read More
EVM high Detector
Missing Storage Gap
Detects upgradeable contracts that lack reserved storage gaps, risking storage collisions when new state variables are added in future versions.
evmhighstorage-collisionstatic-analysis
Read More
EVM medium Detector
TWAP Oracle Manipulation
Detects time-weighted average price oracle implementations vulnerable to multi-block manipulation or insufficient observation windows.
evmmediumoracle-manipulationstatic-analysis
Read More
EVM low Detector
Typographical Error
Detects common typos in Solidity code including =+ instead of +=, =- instead of -=, and similar operator transpositions.
evmlowstatic-analysisdetector
Read More
EVM high Detector
Unchecked Array Bounds
Detects array accesses without bounds validation, enabling out-of-bounds reads/writes that corrupt storage or cause unexpected reverts.
evmhighdenial-of-servicestatic-analysis
Read More
EVM low Detector
Unused Variables
Detects state variables and local variables that are declared but never read, indicating dead state or incomplete logic.
evmlowstatic-analysisdetector
Read More
EVM high Detector
veToken Governance
Detects vulnerabilities in vote-escrowed token governance systems including flash-vote attacks, lock manipulation, and decay bypass.
evmhighaccess-controlstatic-analysis
Read More
EVM high Detector
Wrapped Native Token Confusion
Detects contracts that conflate WETH and native ETH handling, causing stuck funds or incorrect transfer logic.
evmhighstatic-analysisdetector
Read More
SVM high Detector
Account Close Balance Check
Detects incomplete account close operations where lamports are drained but account data is not zeroed, enabling account resurrection attacks.
svmhighaccount-close-balance-checkaccount-validation
Read More
SVM high Detector
Account Close Discriminator
Detects account closes without discriminator zeroing, enabling resurrection attacks.
svmhighaccount-close-discriminatoraccess-control
Read More
SVM high Detector
Account Close Reopen Race
Detects race conditions from account close/reopen between transactions.
svmhighaccount-close-reopen-raceaccess-control
Read More
SVM high Detector
Account Executable Flag
Detects missing executable flag validation before using accounts as program IDs in cross-program invocations.
svmhighaccount-executable-flagaccount-validation
Read More
SVM high Detector
Account Index Bounds
Detects account array access without bounds validation, a vulnerability that appears in 30% of recent Solana audit findings.
svmhighaccount-index-boundsdenial-of-service
Read More
SVM high Detector
Account Iterator Bounds
Detects unsafe iteration over account arrays without bounds validation, which can lead to out-of-bounds panics or buffer overflows.
svmhighaccount-iterator-boundsdenial-of-service
Read More
SVM high Detector
Account Layout Version
Detects account deserialization without version validation, which can cause silent data corruption when account structures are upgraded.
svmhighaccount-layout-versionaccount-validation
Read More
SVM high Detector
Account List Size
Detects missing account list size validation for programs that expect a fixed number of accounts.
svmhighaccount-list-sizedenial-of-service
Read More
SVM high Detector
Account Owner Chain
Detects account owner validation issues across CPI boundaries where ownership assumptions break after cross-program invocations.
svmhighaccount-owner-chainaccount-validation
Read More
SVM high Detector
Account Realloc Corruption
Detects account reallocation data corruption vulnerabilities.
svmhighaccount-realloc-corruptionaccess-control
Read More
SVM high Detector
Account Reallocation
Detects unsafe account reallocation patterns that can corrupt data.
svmhighaccount-reallocationaccess-control
Read More
SVM high Detector
Account Resurrection
Detects accounts that could be resurrected after closure via PDA re-derivation.
svmhighaccount-resurrectionaccess-control
Read More
SVM medium Detector
Account Size Violation
Detects account data size violations in Solana programs.
svmmediumaccount-size-violationdenial-of-service
Read More
SVM high Detector
Account Use After Close
Detects reads or writes to accounts after they are logically closed.
svmhighaccount-use-after-closeaccess-control
Read More
SVM high Detector
Account Verification Chain
Detects incomplete account verification chains where accounts undergo partial validation, allowing attackers to bypass security checks.
svmhighaccount-verification-chainaccount-validation
Read More
SVM high Detector
Address Lookup Table Poisoning
Detects unsafe use of Address Lookup Tables without authority validation, allowing attackers to substitute malicious accounts.
svmhighaddress-lookup-table-poisoningaccount-validation
Read More
SVM critical Detector
Admin Key Management
Detects unsafe admin key handling including hardcoded keys, missing validation, and single points of failure.
svmcriticaladmin-key-managementaccess-control
Read More
SVM medium Detector
Anchor Constraint Ordering
Detects when Anchor account constraints are checked in incorrect order.
svmmediumanchor-constraint-orderingaccess-control
Read More
SVM high Detector
Anchor Constraint TOCTOU
Detects Time-of-Check-Time-of-Use vulnerabilities in Anchor constraint validation.
svmhighanchor-constraint-toctouaccess-control
Read More
SVM high Detector
Anchor Discriminator Validation
Detects missing or incorrect Anchor discriminator validation.
svmhighanchor-discriminator-validationaccess-control
Read More
SVM high Detector
Anchor IDL Mismatch
Detects inconsistencies between Anchor IDL and program implementation.
svmhighanchor-idl-mismatchaccess-control
Read More
SVM high Detector
Anchor Init/Close Patterns
Detects unsafe account initialization and closing patterns in Anchor programs.
svmhighanchor-init-close-patternsfund-safety
Read More
SVM medium Detector
Anchor Space Allocation
Detects incorrect space allocation in Anchor account initialization.
svmmediumanchor-space-allocationdenial-of-service
Read More
SVM critical Detector
Anchor Upgrade Security
Detects unsafe Anchor program upgrade patterns and missing security controls.
svmcriticalanchor-upgrade-securityaccess-control
Read More
SVM medium Detector
Borsh Length DoS
Detects unbounded Borsh Vec/String length prefix usage that can cause DoS.
svmmediumborsh-length-dosdenial-of-service
Read More
SVM high Detector
Bump Seed Brute Force
Detects user-controlled bump seeds in PDA derivation without validation against canonical values.
svmhighbump-seed-brute-forcepda-validation
Read More
SVM medium Detector
Clock Staleness
Detects Clock sysvar usage in financial logic without staleness bounds, exploitable after network halts.
svmmediumclock-stalenesstime-dependency
Read More
SVM high Detector
Compressed NFT Validation
Detects Bubblegum/compressed NFT Merkle proof and authority vulnerabilities.
svmhighcompressed-nft-validationaccess-control
Read More
SVM medium Detector
Compute Budget Injection
Detects hardcoded compute budget assumptions vulnerable to injection.
svmmediumcompute-budget-injectiondenial-of-service
Read More
SVM high Detector
Compute Exhaustion
Detects resource issues that could exhaust Solana compute unit budget.
svmhighcompute-exhaustiondenial-of-service
Read More
SVM high Detector
Conditional Ownership Bypass
Detects ownership checks that can be bypassed through conditional logic, allowing unauthorized access.
svmhighconditional-ownership-bypassaccess-control
Read More
SVM high Detector
CPI Account List Mismatch
Detects CPI calls without proper account list validation, enabling privilege escalation.
svmhighcpi-account-list-mismatchaccess-control
Read More
SVM high Detector
CPI Cycle Detection
Detects circular cross-program invocation patterns that could cause infinite loops or resource exhaustion.
svmhighcpi-cycleaccess-control
Read More
SVM high Detector
CPI Data Tampering
Detects CPI calls with potentially tampered instruction data from untrusted sources.
svmhighcpi-data-tamperingaccess-control
Read More
SVM high Detector
CPI in Loop Denial of Service
Detects CPI calls inside loops that can cause compute exhaustion and denial of service.
svmhighcpi-in-loop-dosaccess-control
Read More
SVM high Detector
CPI Signer Propagation
Detects unsafe signer propagation in nested CPI calls without re-validation.
svmhighcpi-signer-propagationaccess-control
Read More
SVM critical Detector
Critical Program ID Validation
Detects CPI calls to critical system programs without explicit address validation.
svmcriticalcritical-program-id-validationaccess-control
Read More
SVM high Detector
Critical Truncation
Detects integer truncation in security-critical operations including lamport transfers, account storage, and access control.
svmhighcritical-truncationinteger-overflow
Read More
SVM high Detector
Cross-Account Relationship Validation
Detects missing validation of relationships between related accounts in CPI operations.
svmhighcross-account-relationshipaccess-control
Read More
SVM medium Detector
Cross-Contract Consistency
Detects cross-account state consistency issues.
svmmediumcross-contract-consistencyaccess-control
Read More
SVM high Detector
Cross-Instruction State Desync
Detects cross-instruction state desynchronization vulnerabilities.
svmhighcross-instruction-state-desyncaccess-control
Read More
SVM high Detector
Cross-Program Reinit
Detects accounts used after CPI without re-validating initialization state.
svmhighcross-program-reinitaccess-control
Read More
SVM high Detector
Cross-Program State
Detects state inconsistencies and race conditions across CPI boundaries.
svmhighcross-program-stateaccess-control
Read More
SVM medium Detector
Deserialization Endianness
Detects potential endianness mismatches in data deserialization.
svmmediumdeserialization-endiannessaccess-control
Read More
SVM high Detector
Division by Zero
Detects division and modulo operations where the divisor may be zero, causing runtime panics and DoS vulnerabilities.
svmhighdivision-by-zerointeger-overflow
Read More
SVM high Detector
DoS Compute Exhaustion
Detects potential denial-of-service via unbounded compute unit consumption.
svmhighdos-compute-exhaustiondenial-of-service
Read More
SVM high Detector
Durable Nonce Manipulation
Detects missing validation when interacting with durable nonce accounts, enabling replay attacks or transaction reordering.
svmhighdurable-nonce-manipulationaccess-control
Read More
SVM high Detector
Ed25519 Signature Malleability
Detects Ed25519 signature verification without canonical signature checks, allowing signature malleability attacks.
svmhighed25519-signature-malleabilityaccess-control
Read More
SVM medium Detector
Emergency Pause
Detects missing or vulnerable emergency pause mechanisms in Solana programs.
svmmediumemergency-pauseaccess-control
Read More
SVM high Detector
Generic Init Frontrun
Detects initialization patterns vulnerable to frontrunning attacks.
svmhighgeneric-init-frontrunaccess-control
Read More
SVM low Detector
Hardcoded System Program Address
Detects hardcoded system program addresses instead of using named constants for program IDs.
svmlowhardcoded-system-program-addressaccount-validation
Read More
SVM low Detector
Hardcoded Sysvar Address
Detects hardcoded sysvar addresses instead of using proper sysvar::id() derivation functions.
svmlowhardcoded-sysvar-addressaccount-validation
Read More
SVM high Detector
Hash Collision
Detects hash collision vulnerabilities in cryptographic operations including weak algorithms, truncated hashes, and merkle proof misuse.
svmhighhash-collisionaccess-control
Read More
SVM high Detector
Implicit Instruction Ordering
Detects implicit instruction ordering dependencies not enforced on all control flow paths, enabling authorization bypass through path-selective attacks.
svmhighimplicit-instruction-orderingaccess-control
Read More
SVM medium Detector
Improper Error Handling
Detects silently ignored errors or improper error propagation in Solana programs.
svmmediumimproper-error-handlingerror-handling
Read More
SVM high Detector
Instruction Data Length
Detects missing instruction data length validation before unpacking, the most common source of runtime panics in Solana programs.
svmhighinstruction-data-lengthdenial-of-service
Read More
SVM medium Detector
Instruction Data Parsing Edge Cases
Detects unsafe instruction data parsing patterns that may cause panics or errors with malformed data.
svmmediuminstruction-data-parsing-edge-casesdenial-of-service
Read More
SVM high Detector
Instruction Fallback Handler
Detects unsafe fallback logic for unrecognized instruction discriminators that may allow attackers to execute unintended code paths.
svmhighinstruction-fallback-handleraccess-control
Read More
SVM high Detector
Instruction Index Validation
Detects hardcoded instruction index comparisons that can be bypassed by attackers who control transaction structure.
svmhighinstruction-index-validationaccess-control
Read More
SVM high Detector
Instruction Introspection
Detects unsafe instruction introspection with missing bounds or length validation when accessing transaction instructions via sysvar.
svmhighinstruction-introspectiondenial-of-service
Read More
SVM critical Detector
Instruction Sender Validation
Detects missing validation that the transaction sender has authority for privileged operations.
svmcriticalinstruction-sender-validationaccess-control
Read More
SVM high Detector
Instruction Verification Pattern
Detects incorrect ordering of validation checks and sensitive operations, where state modifications or CPIs occur before authorization.
svmhighinstruction-verification-patternaccess-control
Read More
SVM high Detector
Insufficient Data Length Check
Detects account data access without sufficient length validation, which can cause buffer overflows or runtime panics.
svmhighinsufficient-data-length-checkdenial-of-service
Read More
SVM high Detector
Insufficient Lamport Balance
Detects lamport operations without sufficient balance validation.
svmhighinsufficient-lamport-balancefund-safety
Read More
SVM high Detector
Integer Truncation
Detects unsafe integer type casts that may truncate data, causing loss of significant bits and security vulnerabilities.
svmhighinteger-truncationinteger-overflow
Read More
SVM high Detector
Lamport Conservation
Detects lamport conservation violations where balances are not properly maintained.
svmhighlamport-conservationfund-safety
Read More
SVM medium Detector
Lamport Dust
Detects lamport dust exploitation vulnerabilities in Solana programs.
svmmediumlamport-dustfund-safety
Read More
SVM high Detector
Lamport Token Confusion
Detects confusion between native SOL (lamports) and SPL token operations leading to incorrect value calculations.
svmhighlamport-token-confusionaccess-control
Read More
SVM high Detector
Lamport Underflow
Detects lamport transfers that may exceed available balance, causing underflow, account closure, or rent-exempt violations.
svmhighlamport-underflowinteger-overflow
Read More
SVM critical Detector
Liquidity Manipulation
Detects liquidity pool manipulation vulnerabilities.
svmcriticalliquidity-manipulationoracle-manipulation
Read More
SVM high Detector
Metadata Authority Transfer
Detects unsafe metadata authority transfers without proper verification of the new authority.
svmhighmetadata-authority-transferaccess-control
Read More
SVM high Detector
Metaplex Authority Bypass
Detects missing update authority verification in Metaplex Token Metadata operations.
svmhighmetaplex-authority-bypassaccess-control
Read More
SVM medium Detector
Metaplex Compliance
Detects Metaplex metadata standard compliance violations.
svmmediummetaplex-complianceaccess-control
Read More
SVM high Detector
MEV Vulnerabilities
Detects MEV and transaction ordering vulnerabilities in Solana programs.
svmhighmev-vulnerabilitiesmev
Read More
SVM high Detector
Missing Empty Account Check
Detects account initialization without validating the account is empty first.
svmhighmissing-empty-account-checkaccess-control
Read More
SVM medium Detector
Missing Idempotency
Detects critical state-changing operations that lack idempotency guards, allowing replay or double-execution.
svmmediummissing-idempotencyaccess-control
Read More
SVM low Detector
Missing Rent Check
Detects potential rent exemption issues from lamport transfers.
svmlowmissing-rent-checkaccess-control
Read More
SVM high Detector
Multi-Hop CPI
Detects dangerous multi-hop cross-program invocation chains.
svmhighmulti-hop-cpiaccess-control
Read More
SVM high Detector
Multi-Sig Validation
Detects multi-signature validation issues including weak thresholds, missing signer verification, and replay vulnerabilities.
svmhighmultisig-validationaccess-control
Read More
SVM high Detector
Native Discriminator Validation
Detects native programs deserializing account data without discriminator checks.
svmhighnative-discriminator-validationaccess-control
Read More
SVM high Detector
Native Program Authority
Detects missing authority validation when invoking Solana native programs.
svmhighnative-program-authorityaccess-control
Read More
SVM high Detector
NFT Creator Verification
Detects missing creator signature verification in NFT metadata operations.
svmhighnft-creator-verificationaccess-control
Read More
SVM medium Detector
NFT Metadata Validation
Detects NFT metadata validation issues.
svmmediumnft-metadata-validationaccess-control
Read More
SVM medium Detector
NFT Royalty Bypass
Detects NFT royalty enforcement bypass patterns.
svmmediumnft-royalty-bypassfund-safety
Read More
SVM medium Detector
Non-Anchor Discriminator
Detects missing instruction discrimination in non-Anchor Solana programs.
svmmediumnon-anchor-discriminatoraccess-control
Read More
SVM high Detector
Oracle Data Freshness
Detects oracle price usage without staleness validation.
svmhighoracle-data-freshnessoracle-manipulation
Read More
SVM high Detector
PDA Bump Seed Reuse
Detects reuse of the same bump seed value across multiple PDA derivations.
svmhighpda-bump-seed-reusepda-validation
Read More
SVM high Detector
PDA Ownership Validation
Detects PDA usage without ownership validation, allowing unauthorized access.
svmhighpda-ownership-validationpda-validation
Read More
SVM medium Detector
PDA Path Confusion
Detects PDA derivations without program-specific namespace seeds, risking cross-program collisions.
svmmediumpda-path-confusionpda-validation
Read More
SVM high Detector
PDA Seed Validation
Detects incorrect PDA seed derivation patterns including wrong order, missing seeds, and non-deterministic sources.
svmhighpda-seed-validationpda-validation
Read More
SVM high Detector
PDA System Collision
Detects PDA derivations with weak entropy that could collide with system program addresses.
svmhighpda-system-collisionpda-validation
Read More
SVM high Detector
PDA User-Controlled Seeds
Detects user-controlled input used in PDA seeds without validation, enabling arbitrary PDA derivation.
svmhighpda-user-controlled-seedspda-validation
Read More
SVM high Detector
Precision Errors
Detects precision loss and rounding errors in DeFi financial calculations.
svmhighprecision-errorsinteger-overflow
Read More
SVM high Detector
Price Impact
Detects large swaps without price impact validation.
svmhighprice-impactmev
Read More
SVM low Detector
Program Interface Compliance
Detects program interface compliance issues.
svmlowprogram-interface-compliancegas-optimization
Read More
SVM high Detector
Program Upgrade Risks
Detects security risks in upgradeable Solana programs including authority validation issues.
svmhighprogram-upgrade-risksaccess-control
Read More
SVM high Detector
Role-Based Access Control
Detects role-based access control vulnerabilities including missing role checks, escalation risks, and hardcoded permissions.
svmhighrbacaccess-control
Read More
SVM low Detector
Readonly Account Mutation
Detects attempts to modify accounts that have been verified as readonly.
svmlowreadonly-account-mutationaccess-control
Read More
SVM high Detector
Readonly CPI Write Bypass
Detects readonly accounts forwarded to CPI calls that may bypass write locks.
svmhighreadonly-cpi-write-bypassaccess-control
Read More
SVM medium Detector
Readonly Misuse
Detects semantic misuse of readonly accounts.
svmmediumreadonly-misuseaccess-control
Read More
SVM high Detector
Rent Collection Exploit
Detects rent collection exploit patterns and missing rent-exempt checks.
svmhighrent-collection-exploitfund-safety
Read More
SVM low Detector
Rent Epoch Validation
Detects improper rent epoch validation and handling.
svmlowrent-epoch-validationaccess-control
Read More
SVM medium Detector
Rent Exempt Epoch Transition
Detects cached rent-exempt minimum balances that become stale across epoch transitions.
svmmediumrent-exempt-epoch-transitionaccess-control
Read More
SVM high Detector
Rent Exempt Initialization
Detects account data writes before rent-exempt funding.
svmhighrent-exempt-initializationaccess-control
Read More
SVM high Detector
Rent Exempt Reallocation
Detects account reallocations without rent-exemption lamport adjustments.
svmhighrent-exempt-reallocationaccess-control
Read More
SVM high Detector
Rent Exemption Violation
Detects rent exemption requirement violations in Solana programs.
svmhighrent-exemption-violationfund-safety
Read More
SVM high Detector
Rent Withdrawal Balance
Detects partial lamport withdrawals without rent-exemption balance checks.
svmhighrent-withdrawal-balanceaccess-control
Read More
SVM high Detector
Secondary Signer Validation
Detects accounts with identity validation (CheckKey) but missing signer validation (CheckSigner), allowing authorization bypass.
svmhighsecondary-signer-validationaccount-validation
Read More
SVM medium Detector
Secp256k1 Signature Malleability
Detects Secp256k1 signature verification without canonicalization checks.
svmmediumsecp256k1-signature-malleabilityaccess-control
Read More
SVM high Detector
Shared Mutable Race
Detects race conditions from shared mutable account access where the same account is modified through multiple paths without duplicate checks.
svmhighshared-mutable-raceaccount-validation
Read More
SVM critical Detector
Signer Authority Role
Detects privileged operations with signer checks but no authority role validation, allowing any signer to execute admin actions.
svmcriticalsigner-authority-roleaccess-control
Read More
SVM high Detector
Slippage Protection
Detects missing slippage protection in token swap operations.
svmhighslippage-protectionmev
Read More
SVM high Detector
Token-2022 Extensions
Detects Token-2022 extension vulnerabilities including transfer hooks, fees, and confidential transfers.
svmhighspl-token-2022-extensionsaccess-control
Read More
SVM high Detector
SPL Token Account Close
Detects unsafe account close operations including non-empty accounts and rent drain attacks.
svmhighspl-token-account-closeaccess-control
Read More
SVM high Detector
SPL Token Account Validation
Detects missing validation in SPL token operations including ownership, mint, and authority checks.
svmhighspl-token-account-validationaccount-validation
Read More
SVM high Detector
SPL Token ATA Validation
Detects improper Associated Token Account usage including wrong ATA, missing derivation validation, and mint mismatch.
svmhighspl-token-ata-validationaccess-control
Read More
SVM high Detector
SPL Token Authority Confusion
Detects confusion between token account authorities (owner, delegate, close authority, mint authority, freeze authority).
svmhighspl-token-authority-confusionaccess-control
Read More
SVM high Detector
SPL Token Close Authority Bypass
Detects token account closure without validating the close_authority field.
svmhighspl-token-close-authority-bypassaccess-control
Read More
SVM medium Detector
SPL Token Compliance
Detects SPL Token standard compliance violations.
svmmediumspl-token-complianceaccess-control
Read More
SVM medium Detector
SPL Token Delegation Chain Depth
Detects excessive delegation chain depth that increases attack surface and complexity.
svmmediumspl-token-delegation-chain-depthaccess-control
Read More
SVM critical Detector
SPL Token Delegation Overflow
Detects integer overflow vulnerabilities in token delegation amount calculations.
svmcriticalspl-token-delegation-overflowaccess-control
Read More
SVM high Detector
SPL Token Delegation Security
Detects unsafe token delegation patterns including unlimited approvals and missing revocation.
svmhighspl-token-delegation-securityaccess-control
Read More
SVM high Detector
SPL Token Freeze Burn Validation
Detects unsafe freeze and burn operations with missing authority validation or balance checks.
svmhighspl-token-freeze-burnaccess-control
Read More
SVM low Detector
Frozen Account Operations
Detects token operations performed without checking if the account is frozen.
svmlowspl-token-frozen-account-operationsaccess-control
Read More
SVM medium Detector
SPL Token Metadata Validation
Detects metadata validation issues including missing PDA checks, update authority verification, and URI validation.
svmmediumspl-token-metadata-validationaccess-control
Read More
SVM critical Detector
SPL Token Mint Authority
Detects mint authority vulnerabilities including missing validation and unlimited minting.
svmcriticalspl-token-mint-authorityaccess-control
Read More
SVM high Detector
SPL Token Transfer Hooks
Detects transfer hook vulnerabilities including bypass, reentrancy, and missing validation.
svmhighspl-token-transfer-hooksaccess-control
Read More
SVM high Detector
Stack Depth Violation
Detects stack and CPI depth limit violations in Solana programs.
svmhighstack-depth-violationdenial-of-service
Read More
SVM high Detector
Stale Account Data After CPI
Detects use of cached account data after CPI without reload, leading to stale reads.
svmhighstale-account-dataaccess-control
Read More
SVM high Detector
Swap Validation
Detects missing validation in token swap operations.
svmhighswap-validationaccess-control
Read More
SVM medium Detector
Sysvar Cache Staleness
Detects stale sysvar data usage across blocks beyond Clock.
svmmediumsysvar-cache-stalenessaccess-control
Read More
SVM high Detector
Sysvar Substitution
Detects unverified sysvar account usage that could allow attackers to substitute fake system data.
svmhighsysvar-substitutionaccount-validation
Read More
SVM medium Detector
Timelock Operations
Detects timelock bypass vulnerabilities, missing delays for critical operations, and timestamp validation issues.
svmmediumtimelockaccess-control
Read More
SVM medium Detector
Timestamp Dependency
Detects dangerous dependencies on block timestamps in security-critical logic including access control and randomness.
svmmediumtimestamp-dependencytime-dependency
Read More
SVM high Detector
Token-2022 Confidential
Detects Token-2022 confidential transfer vulnerabilities.
svmhightoken-2022-confidentialaccess-control
Read More
SVM high Detector
Token Account Ownership
Detects missing account ownership validation before cross-program invocations, allowing attackers to pass fake token accounts.
svmhightoken-account-ownershipaccount-validation
Read More
SVM high Detector
Token Account Spoofing
Detects token account spoofing and aliasing vulnerabilities where fake token accounts can be substituted.
svmhightoken-account-spoofingaccess-control
Read More
SVM critical Detector
Token Balance Invariant
Detects token operations that violate balance invariants such as mint without supply update or burn without supply decrease.
svmcriticaltoken-balance-invariantaccess-control
Read More
SVM critical Detector
Token Decimal Mismatch
Detects token transfers and swaps with mismatched decimals without proper conversion.
svmcriticaltoken-decimal-mismatchaccess-control
Read More
SVM high Detector
Token Extension Security
Detects Token-2022 extension security misconfigurations.
svmhightoken-extension-securityaccess-control
Read More
SVM medium Detector
Token Init Race
Detects token account initialization race conditions.
svmmediumtoken-init-raceaccess-control
Read More
SVM high Detector
Token-2022 Immutable Owner
Detects Token-2022 Immutable Owner extension validation issues.
svmhightoken2022-immutable-owneraccess-control
Read More
SVM high Detector
Token-2022 Transfer Fee Bypass
Detects token transfers that do not account for Token-2022 transfer fees.
svmhightoken2022-transfer-fee-bypassfund-safety
Read More
SVM medium Detector
Transaction Size DoS
Detects unbounded account lists in CPI that can cause transaction size DoS.
svmmediumtransaction-size-dosdenial-of-service
Read More
SVM low Detector
Unchecked Arithmetic
Detects unchecked arithmetic operations that could silently overflow or underflow in SVM programs.
svmlowunchecked-arithmeticinteger-overflow
Read More
SVM high Detector
Unchecked CPI Return Value
Detects CPI calls without return value validation, allowing silent failures.
svmhighunchecked-cpi-returnaccess-control
Read More
SVM high Detector
Unchecked Deserialization
Detects unchecked deserialization of account data that may panic on malformed input.
svmhighunchecked-deserializationaccess-control
Read More
SVM high Detector
Uninitialized Account
Detects usage of uninitialized accounts before proper initialization.
svmhighuninitialized-accountaccess-control
Read More
SVM medium Detector
Unsafe Deserialization
Detects potentially unsafe account data access patterns without bounds checking.
svmmediumunsafe-deserializationaccess-control
Read More
SVM high Detector
Voting Power Manipulation
Detects governance voting power manipulation vulnerabilities.
svmhighvoting-power-manipulationaccess-control
Read More
SVM medium Detector
Weak PDA Entropy
Detects PDA derivations with weak seed entropy, enabling prediction and front-running attacks.
svmmediumweak-pda-entropypda-validation
Read More
SVM critical Detector
Wrapped Token Parity
Detects missing wrapped token supply vs collateral parity validation.
svmcriticalwrapped-token-parityfund-safety
Read More
SVM medium Detector
Zero Amount Operation
Detects token operations that may accept zero amounts without explicit validation.
svmmediumzero-amount-operationaccess-control
Read More
SVM high Detector
Zero Copy Deserialization
Detects unsafe zero-copy deserialization patterns that can lead to memory corruption.
svmhighzero-copy-deserializationaccess-control
Read More
SVM Remediation
Account Close Balance Check Remediation
How to fix incomplete account close operations that leave data intact after draining lamports.
svmaccount-validation
Read More
SVM Remediation
Account Close Discriminator Remediation
How to fix missing discriminator zeroing on account close.
svmaccess-control
Read More
SVM Remediation
Account Close Reopen Race Remediation
How to fix TOCTOU race conditions from account close/reopen between transactions.
svmaccess-control
Read More
SVM Remediation
Account Executable Flag Remediation
How to fix missing executable flag validation before cross-program invocations.
svmaccount-validation
Read More
SVM Remediation
Account Index Bounds Remediation
How to fix account array access without bounds validation.
svmdenial-of-service
Read More
SVM Remediation
Account Iterator Bounds Remediation
How to fix unsafe iteration over account arrays without bounds validation.
svmdenial-of-service
Read More
SVM Remediation
Account Layout Version Remediation
How to fix account deserialization that lacks version validation.
svmaccount-validation
Read More
SVM Remediation
Account List Size Remediation
How to fix missing account list size validation for fixed account layouts.
svmdenial-of-service
Read More
SVM Remediation
Account Owner Chain Remediation
How to fix stale owner validation across CPI boundaries.
svmaccount-validation
Read More
SVM Remediation
Account Realloc Corruption Remediation
How to fix account reallocation data corruption vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Account Reallocation Remediation
How to fix unsafe account reallocation patterns.
svmaccess-control
Read More
SVM Remediation
Account Resurrection Remediation
How to fix account resurrection vulnerabilities from PDA re-derivation.
svmaccess-control
Read More
SVM Remediation
Account Size Violation Remediation
How to fix account data size violations.
svmdenial-of-service
Read More
SVM Remediation
Account Use After Close Remediation
How to fix use-after-close vulnerabilities in Solana programs.
svmaccess-control
Read More
SVM Remediation
Account Verification Chain Remediation
How to fix incomplete account verification chains by adding missing validation checks.
svmaccount-validation
Read More
SVM Remediation
Address Lookup Table Poisoning Remediation
How to fix unsafe Address Lookup Table usage by validating table authority and loaded addresses.
svmaccount-validation
Read More
SVM Remediation
Admin Key Management Remediation
How to fix unsafe admin key handling, hardcoded keys, and single points of failure.
svmaccess-control
Read More
SVM Remediation
Anchor Constraint Ordering Remediation
How to fix incorrect Anchor constraint ordering.
svmaccess-control
Read More
SVM Remediation
Anchor Constraint TOCTOU Remediation
How to fix TOCTOU race conditions in Anchor constraints.
svmaccess-control
Read More
SVM Remediation
Anchor Discriminator Validation Remediation
How to fix missing Anchor discriminator validation.
svmaccess-control
Read More
SVM Remediation
Anchor IDL Mismatch Remediation
How to fix Anchor IDL and program implementation mismatches.
svmaccess-control
Read More
SVM Remediation
Anchor Init/Close Patterns Remediation
How to fix unsafe Anchor init and close patterns.
svmfund-safety
Read More
SVM Remediation
Anchor Space Allocation Remediation
How to fix incorrect Anchor space allocation.
svmdenial-of-service
Read More
SVM Remediation
Anchor Upgrade Security Remediation
How to fix unsafe Anchor program upgrade patterns.
svmaccess-control
Read More
SVM Remediation
Borsh Length DoS Remediation
How to fix unbounded Borsh length prefix DoS vulnerabilities.
svmdenial-of-service
Read More
SVM Remediation
Bump Seed Brute Force Remediation
How to fix user-controlled bump seeds in PDA derivation.
svmpda-validation
Read More
SVM Remediation
Clock Staleness Remediation
How to fix Clock sysvar usage in financial logic to prevent post-halt exploitation.
svmtime-dependency
Read More
SVM Remediation
Compressed NFT Validation Remediation
How to fix compressed NFT Merkle proof and authority vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Compute Budget Injection Remediation
How to fix hardcoded compute budget assumptions.
svmdenial-of-service
Read More
SVM Remediation
Compute Exhaustion Remediation
How to fix compute unit budget exhaustion issues.
svmdenial-of-service
Read More
SVM Remediation
Conditional Ownership Bypass Remediation
How to fix ownership checks that can be bypassed through conditional logic.
svmaccess-control
Read More
SVM Remediation
CPI Account List Mismatch Remediation
How to fix CPI calls with unvalidated account lists.
svmaccess-control
Read More
SVM Remediation
CPI Cycle Remediation
How to fix circular CPI patterns that cause infinite loops or depth limit failures.
svmaccess-control
Read More
SVM Remediation
CPI Data Tampering Remediation
How to fix CPI calls with unvalidated instruction data from untrusted sources.
svmaccess-control
Read More
SVM Remediation
CPI in Loop DOS Remediation
How to fix CPI calls inside loops that can exhaust compute budget.
svmaccess-control
Read More
SVM Remediation
CPI Signer Propagation Remediation
How to fix unsafe signer propagation in nested CPI calls.
svmaccess-control
Read More
SVM Remediation
Critical Program ID Validation Remediation
How to fix missing validation of critical system program IDs before CPI.
svmaccess-control
Read More
SVM Remediation
Critical Truncation Remediation
How to fix integer truncation in lamport transfers, account storage, and access control.
svminteger-overflow
Read More
SVM Remediation
Cross-Account Relationship Remediation
How to fix missing relationship validation between related accounts.
svmaccess-control
Read More
SVM Remediation
Cross-Contract Consistency Remediation
How to fix cross-account state consistency issues.
svmaccess-control
Read More
SVM Remediation
Cross-Instruction State Desync Remediation
How to fix cross-instruction state desynchronization.
svmaccess-control
Read More
SVM Remediation
Cross-Program Reinit Remediation
How to fix cross-program re-initialization attack vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Cross-Program State Remediation
How to fix cross-program state inconsistencies.
svmaccess-control
Read More
SVM Remediation
Deserialization Endianness Remediation
How to fix endianness mismatches in data deserialization.
svmaccess-control
Read More
SVM Remediation
Division by Zero Remediation
How to fix division operations where the divisor may be zero, preventing panics and DoS.
svminteger-overflow
Read More
SVM Remediation
DoS Compute Exhaustion Remediation
How to fix denial-of-service via compute unit exhaustion.
svmdenial-of-service
Read More
SVM Remediation
Durable Nonce Manipulation Remediation
How to fix missing validation when interacting with durable nonce accounts.
svmaccess-control
Read More
SVM Remediation
Ed25519 Signature Malleability Remediation
How to fix Ed25519 signature verification to prevent malleability attacks.
svmaccess-control
Read More
SVM Remediation
Emergency Pause Remediation
How to fix missing or vulnerable emergency pause mechanisms in Solana programs.
svmaccess-control
Read More
SVM Remediation
Generic Init Frontrun Remediation
How to fix initialization frontrunning vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Hardcoded System Program Address Remediation
How to fix hardcoded system program addresses by using named constants.
svmaccount-validation
Read More
SVM Remediation
Hardcoded Sysvar Address Remediation
How to fix hardcoded sysvar addresses by using proper derivation functions.
svmaccount-validation
Read More
SVM Remediation
Hash Collision Remediation
How to fix hash collision vulnerabilities caused by truncation, weak algorithms, or small inputs.
svmaccess-control
Read More
SVM Remediation
Implicit Instruction Ordering Remediation
How to fix implicit instruction ordering dependencies not enforced on all control flow paths.
svmaccess-control
Read More
SVM Remediation
Improper Error Handling Remediation
How to fix silently ignored errors and improper error propagation.
svmerror-handling
Read More
SVM Remediation
Instruction Data Length Remediation
How to fix missing instruction data length validation before unpacking.
svmdenial-of-service
Read More
SVM Remediation
Instruction Data Parsing Edge Cases Remediation
How to fix unsafe instruction data parsing patterns that may cause panics or errors.
svmdenial-of-service
Read More
SVM Remediation
Instruction Fallback Handler Remediation
How to fix unsafe fallback logic for unrecognized instruction discriminators.
svmaccess-control
Read More
SVM Remediation
Instruction Index Validation Remediation
How to fix hardcoded instruction index comparisons that can be bypassed.
svmaccess-control
Read More
SVM Remediation
Instruction Introspection Remediation
How to fix unsafe instruction introspection with missing bounds or length validation.
svmdenial-of-service
Read More
SVM Remediation
Instruction Sender Validation Remediation
How to fix missing authority validation for transaction senders in privileged operations.
svmaccess-control
Read More
SVM Remediation
Instruction Verification Pattern Remediation
How to fix incorrect ordering of validation checks and sensitive operations.
svmaccess-control
Read More
SVM Remediation
Insufficient Data Length Check Remediation
How to fix account data access without sufficient length validation.
svmdenial-of-service
Read More
SVM Remediation
Insufficient Lamport Balance Remediation
How to fix missing lamport balance validation before transfers.
svmfund-safety
Read More
SVM Remediation
Integer Truncation Remediation
How to fix unsafe integer type casts that truncate data.
svminteger-overflow
Read More
SVM Remediation
Lamport Conservation Remediation
How to fix lamport conservation violations in Solana programs.
svmfund-safety
Read More
SVM Remediation
Lamport Dust Remediation
How to fix lamport dust exploitation vulnerabilities.
svmfund-safety
Read More
SVM Remediation
Lamport Token Confusion Remediation
How to fix confusion between native SOL and SPL token operations.
svmaccess-control
Read More
SVM Remediation
Lamport Underflow Remediation
How to fix lamport transfers that may exceed available balance or violate rent-exempt minimums.
svminteger-overflow
Read More
SVM Remediation
Liquidity Manipulation Remediation
How to fix liquidity pool manipulation vulnerabilities.
svmoracle-manipulation
Read More
SVM Remediation
Metadata Authority Transfer Remediation
How to fix unsafe metadata authority transfers in Solana programs.
svmaccess-control
Read More
SVM Remediation
Metaplex Authority Bypass Remediation
How to fix missing update authority verification in Metaplex metadata operations.
svmaccess-control
Read More
SVM Remediation
Metaplex Compliance Remediation
How to fix Metaplex metadata standard violations.
svmaccess-control
Read More
SVM Remediation
MEV Vulnerabilities Remediation
How to fix MEV and transaction ordering vulnerabilities in Solana programs.
svmmev
Read More
SVM Remediation
Missing Empty Account Check Remediation
How to fix missing empty account validation before initialization.
svmaccess-control
Read More
SVM Remediation
Missing Idempotency Remediation
How to fix missing idempotency guards on critical state-changing operations.
svmaccess-control
Read More
SVM Remediation
Multi-Hop CPI Remediation
How to fix dangerous multi-hop CPI chain issues.
svmaccess-control
Read More
SVM Remediation
Multi-Sig Validation Remediation
How to fix multi-signature validation weaknesses including thresholds, replay protection, and signer verification.
svmaccess-control
Read More
SVM Remediation
Native Discriminator Validation Remediation
How to fix missing discriminator validation in native Solana programs.
svmaccess-control
Read More
SVM Remediation
Native Program Authority Remediation
How to fix missing authority validation for native program CPIs.
svmaccess-control
Read More
SVM Remediation
NFT Creator Verification Remediation
How to fix missing NFT creator signature verification.
svmaccess-control
Read More
SVM Remediation
NFT Metadata Validation Remediation
How to fix NFT metadata validation issues.
svmaccess-control
Read More
SVM Remediation
NFT Royalty Bypass Remediation
How to fix NFT royalty enforcement bypass patterns.
svmfund-safety
Read More
SVM Remediation
Non-Anchor Discriminator Remediation
How to fix missing instruction discrimination in non-Anchor programs.
svmaccess-control
Read More
SVM Remediation
Oracle Data Freshness Remediation
How to fix stale oracle price data usage.
svmoracle-manipulation
Read More
SVM Remediation
PDA Bump Seed Reuse Remediation
How to fix reuse of bump seeds across multiple PDA derivations.
svmpda-validation
Read More
SVM Remediation
PDA Ownership Validation Remediation
How to fix PDA usage without ownership validation.
svmpda-validation
Read More
SVM Remediation
PDA Path Confusion Remediation
How to fix PDA derivations lacking program-specific namespace seeds.
svmpda-validation
Read More
SVM Remediation
PDA Seed Validation Remediation
How to fix incorrect PDA seed derivation patterns.
svmpda-validation
Read More
SVM Remediation
PDA System Collision Remediation
How to fix weak PDA seed patterns that could collide with system addresses.
svmpda-validation
Read More
SVM Remediation
PDA User-Controlled Seeds Remediation
How to fix unvalidated user-controlled input in PDA seeds.
svmpda-validation
Read More
SVM Remediation
Precision Errors Remediation
How to fix precision loss and rounding errors in DeFi calculations.
svminteger-overflow
Read More
SVM Remediation
Price Impact Remediation
How to fix missing price impact validation in large swaps.
svmmev
Read More
SVM Remediation
Program Interface Compliance Remediation
How to fix program interface compliance issues.
svmgas-optimization
Read More
SVM Remediation
Program Upgrade Risks Remediation
How to fix security risks in upgradeable Solana programs.
svmaccess-control
Read More
SVM Remediation
Role-Based Access Control Remediation
How to fix missing role checks, privilege escalation risks, and hardcoded role permissions.
svmaccess-control
Read More
SVM Remediation
Readonly Account Mutation Remediation
How to fix readonly account mutation logic errors.
svmaccess-control
Read More
SVM Remediation
Readonly CPI Write Bypass Remediation
How to fix readonly account write bypass via CPI.
svmaccess-control
Read More
SVM Remediation
Readonly Misuse Remediation
How to fix readonly account misuse vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Rent Collection Exploit Remediation
How to fix rent collection exploit patterns.
svmfund-safety
Read More
SVM Remediation
Rent Epoch Validation Remediation
How to fix improper rent epoch validation.
svmaccess-control
Read More
SVM Remediation
Rent Exempt Epoch Transition Remediation
How to fix cached rent-exempt minimum balances.
svmaccess-control
Read More
SVM Remediation
Rent Exempt Initialization Remediation
How to fix account data writes that occur before rent-exempt funding.
svmaccess-control
Read More
SVM Remediation
Rent Exempt Reallocation Remediation
How to fix account reallocations without rent-exemption adjustments.
svmaccess-control
Read More
SVM Remediation
Rent Exemption Violation Remediation
How to fix rent exemption requirement violations.
svmfund-safety
Read More
SVM Remediation
Rent Withdrawal Balance Remediation
How to fix partial lamport withdrawals without rent-exemption checks.
svmaccess-control
Read More
SVM Remediation
Secondary Signer Validation Remediation
How to fix missing signer validation on identity-checked accounts.
svmaccount-validation
Read More
SVM Remediation
Secp256k1 Signature Malleability Remediation
How to fix Secp256k1 signature malleability vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Shared Mutable Race Remediation
How to fix race conditions from shared mutable account access.
svmaccount-validation
Read More
SVM Remediation
Signer Authority Role Remediation
How to fix privileged operations that check signer status but not authority role.
svmaccess-control
Read More
SVM Remediation
Slippage Protection Remediation
How to fix missing slippage protection in token swaps.
svmmev
Read More
SVM Remediation
Token-2022 Extensions Remediation
How to fix Token-2022 extension vulnerabilities.
svmaccess-control
Read More
SVM Remediation
SPL Token Account Close Remediation
How to fix unsafe account close operations in Solana programs.
svmaccess-control
Read More
SVM Remediation
SPL Token Account Validation Remediation
How to fix missing validation in SPL token operations.
svmaccount-validation
Read More
SVM Remediation
SPL Token ATA Validation Remediation
How to fix improper Associated Token Account validation.
svmaccess-control
Read More
SVM Remediation
SPL Token Authority Confusion Remediation
How to fix authority confusion between owner, delegate, close, mint, and freeze authorities.
svmaccess-control
Read More
SVM Remediation
SPL Token Close Authority Bypass Remediation
How to fix missing close_authority validation when closing token accounts.
svmaccess-control
Read More
SVM Remediation
SPL Token Compliance Remediation
How to fix SPL Token standard compliance violations.
svmaccess-control
Read More
SVM Remediation
SPL Token Delegation Chain Depth Remediation
How to fix excessive delegation chain depth in Solana programs.
svmaccess-control
Read More
SVM Remediation
SPL Token Delegation Overflow Remediation
How to fix integer overflow vulnerabilities in token delegation amount calculations.
svmaccess-control
Read More
SVM Remediation
SPL Token Delegation Security Remediation
How to fix unsafe token delegation patterns in Solana programs.
svmaccess-control
Read More
SVM Remediation
SPL Token Freeze Burn Validation Remediation
How to fix unsafe freeze and burn operations in Solana programs.
svmaccess-control
Read More
SVM Remediation
Frozen Account Operations Remediation
How to fix missing frozen state checks before token operations.
svmaccess-control
Read More
SVM Remediation
SPL Token Metadata Validation Remediation
How to fix metadata validation issues including PDA checks and URI validation.
svmaccess-control
Read More
SVM Remediation
SPL Token Mint Authority Remediation
How to fix mint authority vulnerabilities in Solana token programs.
svmaccess-control
Read More
SVM Remediation
SPL Token Transfer Hooks Remediation
How to fix transfer hook vulnerabilities in Token-2022 programs.
svmaccess-control
Read More
SVM Remediation
Stack Depth Violation Remediation
How to fix CPI depth limit violations.
svmdenial-of-service
Read More
SVM Remediation
Stale Account Data Remediation
How to fix stale account data usage after CPI calls.
svmaccess-control
Read More
SVM Remediation
Swap Validation Remediation
How to fix missing validation in token swap operations.
svmaccess-control
Read More
SVM Remediation
Sysvar Cache Staleness Remediation
How to fix stale sysvar data usage.
svmaccess-control
Read More
SVM Remediation
Sysvar Substitution Remediation
How to fix unverified sysvar account usage that allows data spoofing.
svmaccount-validation
Read More
SVM Remediation
Timelock Operations Remediation
How to fix missing timelock delays, timestamp validation issues, and unprotected cancellation.
svmaccess-control
Read More
SVM Remediation
Timestamp Dependency Remediation
How to fix dangerous dependencies on block timestamps in security-critical logic.
svmtime-dependency
Read More
SVM Remediation
Token-2022 Confidential Remediation
How to fix Token-2022 confidential transfer vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Token Account Ownership Remediation
How to fix missing account ownership validation before CPI calls.
svmaccount-validation
Read More
SVM Remediation
Token Account Spoofing Remediation
How to fix token account spoofing and aliasing vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Token Balance Invariant Remediation
How to fix token operations that violate balance accounting invariants.
svmaccess-control
Read More
SVM Remediation
Token Decimal Mismatch Remediation
How to fix token decimal mismatch vulnerabilities in cross-token operations.
svmaccess-control
Read More
SVM Remediation
Token Extension Security Remediation
How to fix Token-2022 extension security misconfigurations.
svmaccess-control
Read More
SVM Remediation
Token Init Race Remediation
How to fix token account initialization race conditions.
svmaccess-control
Read More
SVM Remediation
Token-2022 Immutable Owner Remediation
How to fix Token-2022 Immutable Owner extension issues.
svmaccess-control
Read More
SVM Remediation
Token-2022 Transfer Fee Bypass Remediation
How to fix Token-2022 transfer fee accounting issues.
svmfund-safety
Read More
SVM Remediation
Transaction Size DoS Remediation
How to fix transaction size DoS vulnerabilities.
svmdenial-of-service
Read More
SVM Remediation
Unchecked Arithmetic Remediation
How to fix unchecked arithmetic operations that could silently overflow or underflow.
svminteger-overflow
Read More
SVM Remediation
Unchecked CPI Return Remediation
How to fix CPI calls that ignore return values, preventing silent failures.
svmaccess-control
Read More
SVM Remediation
Unchecked Deserialization Remediation
How to fix unchecked deserialization vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Uninitialized Account Remediation
How to fix uninitialized account access vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Unsafe Deserialization Remediation
How to fix unsafe account data access patterns.
svmaccess-control
Read More
SVM Remediation
Voting Power Manipulation Remediation
How to fix governance voting power manipulation vulnerabilities.
svmaccess-control
Read More
SVM Remediation
Weak PDA Entropy Remediation
How to fix PDA derivations using weak seed entropy.
svmpda-validation
Read More
SVM Remediation
Wrapped Token Parity Remediation
How to fix missing wrapped token supply vs collateral parity validation.
svmfund-safety
Read More
SVM Remediation
Zero Amount Operation Remediation
How to fix missing zero-amount validation in token operations.
svmaccess-control
Read More
SVM Remediation
Zero Copy Deserialization Remediation
How to fix unsafe zero-copy deserialization patterns.
svmaccess-control
Read More
Zero-Knowledge Remediation
Cross-Template Constraint Gap Remediation
How to fix broken constraint chains between template instances by using constrained wiring.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Constraint Degree Overflow Remediation
How to fix constraints that exceed the R1CS quadratic degree limit by decomposing into intermediate signals.
zkconstraint-validity
Read More
Zero-Knowledge Remediation
Division by Zero Remediation
How to prevent division-by-zero risks in ZK circuits by adding non-zero constraints on divisor signals.
zkcritical
Read More
Zero-Knowledge Remediation
Feedback Loop Remediation
How to fix circular signal dependencies that create unsatisfiable or ambiguous constraint systems.
zkconstraint-validity
Read More
Zero-Knowledge Remediation
Field Overflow Remediation
How to prevent field overflow in ZK circuit arithmetic by adding range constraints on signals before operations.
zkinteger-overflow
Read More
Zero-Knowledge Remediation
Noir Circuit Vulnerabilities Remediation
How to fix Noir-specific vulnerabilities including unconstrained function misuse, oracle manipulation, and Brillig escapes.
zkunder-constrainedaccess-control
Read More
Zero-Knowledge Remediation
Nondeterministic Control Flow Remediation
How to fix ternary operators in unconstrained assignments where the prover controls which branch executes.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Nondeterministic Witness Remediation
How to constrain nondeterministic operations in ZK witness generation to prevent prover manipulation.
zk
Read More
Zero-Knowledge Remediation
Quadratic Constraint Composition Remediation
How to fix constraint expressions with multiple multiplications that do not decompose cleanly into R1CS form.
zkconstraint-validity
Read More
Zero-Knowledge Remediation
Missing Range Check Remediation
How to fix missing range constraints on signals used in size-sensitive operations.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Signal Aliasing Remediation
How to fix redundant equality constraints that create aliases without adding security.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Signal as Array Index Remediation
How to fix unconstrained signals used as array indices by using constrained multiplexer circuits.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Signal Mutation in Loop Remediation
How to fix self-referential signal mutations in loops by using signal arrays with per-step constraints.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Signal Reuse Remediation
How to fix signals assigned multiple times by using distinct signals or arrays for each computed value.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Template Misuse Remediation
How to fix incorrect template instantiation patterns including parameter mismatches and unconstrained wiring.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Trivial Constraint Remediation
How to fix constraints that are always satisfied regardless of signal values.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Unchecked Component Remediation
How to fix component instances with disconnected inputs or outputs that do not contribute to circuit security.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Unsafe Comparison Remediation
How to fix comparison operators in unconstrained assignments by using constrained circomlib comparator components.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Unused and Dead Signals Remediation
How to fix unused public inputs, unassigned signals, and dead signals in ZK circuits.
zkunder-constrained
Read More
Zero-Knowledge Remediation
Witness Complexity Remediation
How to fix complex unconstrained witness computations by decomposing into simpler steps with per-step constraints.
zkunder-constrained
Read More
EVM high Detector
Atomic State Update
Detects non-atomic multi-step state updates where intermediate consistency checks are missing between storage writes.
evmhighlogic-errorstatic-analysis
Read More
EVM high Detector
Callback State Mutation
Detects state mutations after external calls that may trigger callbacks, violating the Checks-Effects-Interactions pattern.
evmhighreentrancystatic-analysis
Read More
EVM high Detector
Constructor State
Detects improper state initialization in constructors of upgradeable contracts where state is invisible to proxies.
evmhighproxystatic-analysis
Read More
EVM high Detector
DoS with Failed Call
Detects denial of service vulnerabilities where external calls in loops lack error handling, allowing one failed call to block entire batch operations.
evmhighdenial-of-servicestatic-analysis
Read More
EVM high Detector
Initializer Reentrancy
Detects proxy initializer functions that make external calls before setting the initialized flag, enabling re-initialization attacks.
evmhighreentrancystatic-analysis
Read More
EVM high Detector
Loop Gas Exhaustion
Detects loops without proper iteration bounds where the count can be influenced by external input, causing DoS via block gas limit exhaustion.
evmhighdenial-of-servicestatic-analysis
Read More
EVM high Detector
Memory Expansion DoS
Detects unbounded memory allocation patterns that can cause out-of-gas denial of service attacks.
evmhighdenial-of-servicestatic-analysis
Read More
EVM high Detector
Merkle Proof Verification
Detects insecure Merkle proof verification patterns vulnerable to second preimage attacks and proof malleability.
evmhighcryptographystatic-analysis
Read More
EVM high Detector
Metamorphic Contract
Detects contracts that can be destroyed and redeployed at the same address with different code using CREATE2 and SELFDESTRUCT.
evmhighcode-replacementstatic-analysis
Read More
EVM high Detector
Off-By-One
Detects off-by-one errors in loop boundaries that can lead to skipped elements or out-of-bounds array access.
evmhighlogic-errorstatic-analysis
Read More
SVM critical Detector
Conditional Validation Bypass
Detects security validations placed inside conditional branches that can be bypassed through alternate execution paths.
svmcriticalconditional-validation-bypassstatic-analysis
Read More
SVM critical Detector
CPI Authority Downgrade
Detects privileged accounts being passed to unvalidated programs via CPI, enabling authority hijacking.
svmcriticalcpi-authority-downgradestatic-analysis
Read More
SVM critical Detector
CPI Return Value Forgery
Detects CPI return data used for critical operations without independent on-chain state verification.
svmcriticalcpi-return-forgerystatic-analysis
Read More
SVM critical Detector
CPI Signer Simulation
Detects false signer claims in cross-program invocations where accounts were not actually signed in the original transaction.
svmcriticalcpi-signer-simulationstatic-analysis
Read More
SVM critical Detector
DeFi Reentrancy
Detects DeFi-specific reentrancy patterns where external calls occur before state updates in vault, lending, and staking operations.
svmcriticaldefi-reentrancystatic-analysis
Read More
SVM critical Detector
Flash Loan Validation
Detects missing repayment validation in flash loan patterns, allowing borrowers to avoid repaying borrowed funds.
svmcriticalflash-loan-validationstatic-analysis
Read More
SVM critical Detector
Mint Authority Abuse
Detects token minting operations without proper mint authority validation, enabling unauthorized token supply inflation.
svmcriticalmint-authority-abusestatic-analysis
Read More
SVM critical Detector
PDA Signer Seed Extraction
Detects PDA signer seeds that can be extracted or predicted by attackers, enabling PDA authority bypass.
svmcriticalpda-signer-seed-extractionstatic-analysis
Read More
SVM critical Detector
SPL Governance Attack
Detects missing safeguards in governance implementations that enable proposal manipulation and flash governance attacks.
svmcriticalspl-governance-attackstatic-analysis
Read More
SVM critical Detector
Sysvar Account Spoofing
Detects programs reading sysvar data from accounts without validating the account key matches the canonical sysvar address.
svmcriticalsysvar-account-spoofingstatic-analysis
Read More
SVM critical Detector
Unchecked Fee/Rent Math
Detects unchecked arithmetic in fee and rent calculations that can overflow or underflow, leading to fund loss.
svmcriticalunchecked-fee-rent-mathstatic-analysis
Read More
SVM critical Detector
Vault Manipulation
Detects unauthorized vault state modifications and missing invariant checks in DeFi vault operations.
svmcriticalvault-manipulationstatic-analysis
Read More
Zero-Knowledge critical Detector
Private Input Unchecked
Detects Noir private (witness) inputs of type Field that are not referenced in any assertion, allowing the prover to set them to arbitrary values.
zkcriticalprivate-input-uncheckedstatic-analysis
Read More
Zero-Knowledge critical Detector
Prover-Controlled Loop Bound
Detects loop iteration bounds that depend on unconstrained signal values, allowing the prover to choose how many iterations execute.
zkcriticalprover-controlled-loopstatic-analysis
Read More
Zero-Knowledge critical Detector
Unconnected Component Inputs
Detects component instantiations where outputs are read but inputs are not wired, leaving the sub-circuit unconstrained and enabling proof forgery.
zkcriticalunconnected-componentstatic-analysis
Read More
Zero-Knowledge critical Detector
Unconstrained Output
Detects circuit output signals that lack any constraining assignment or explicit constraint, allowing the prover to set outputs to arbitrary values.
zkcriticalunconstrained-outputstatic-analysis
Read More
Zero-Knowledge critical Detector
Unconstrained Public Input
Detects public input signals that are used in computations but never appear in any constraint, enabling the prover to forge the claimed public input value.
zkcriticalunconstrained-public-inputstatic-analysis
Read More
Zero-Knowledge critical Detector
Under-Constrained Signal
Detects signals assigned via unconstrained assignment without any corresponding constraint, allowing the prover to set them to arbitrary values.
zkcriticalunder-constrainedstatic-analysis
Read More
EVM Remediation
Remediating Atomic State Update Violations
How to ensure multi-step state updates maintain invariant consistency using intermediate checks, reentrancy guards, and explicit state machine patterns.
evmlogic-error
Read More
EVM Remediation
Remediating Callback State Mutation Vulnerabilities
How to fix state mutations after external calls by applying the Checks-Effects-Interactions pattern and reentrancy guards.
evmreentrancy
Read More
EVM Remediation
Remediating Constructor State in Upgradeable Contracts
How to move state initialization from constructors to initializer functions in proxy-based upgradeable contracts.
evmproxy
Read More
EVM Remediation
Remediating DoS with Failed Call
How to prevent denial of service from unchecked external calls in loops using error handling, pull patterns, and try/catch.
evmdenial-of-service
Read More
EVM Remediation
Remediating Initializer Reentrancy
How to prevent reentrancy in proxy initializer functions by using OpenZeppelin's Initializable modifier and setting the initialization flag before external calls.
evmreentrancy
Read More
EVM Remediation
Remediating Loop Gas Exhaustion
How to prevent DoS via block gas limit exhaustion by adding maximum iteration limits, pagination, and pull-over-push patterns.
evmdenial-of-service
Read More
EVM Remediation
Remediating Memory Expansion DoS
How to prevent out-of-gas denial of service by bounding memory allocation size in functions that process untrusted input.
evmdenial-of-service
Read More
EVM Remediation
Remediating Insecure Merkle Proof Verification
How to prevent second preimage attacks and proof malleability by using double-hashed leaves and audited Merkle proof libraries.
evmcryptography
Read More
EVM Remediation
Remediating Metamorphic Contract Risks
How to prevent code replacement attacks by removing SELFDESTRUCT from CREATE2-deployed contracts and using standard proxy patterns.
evmcode-replacement
Read More
EVM Remediation
Remediating Off-By-One Errors
How to fix off-by-one errors in loop boundaries by using correct comparison operators and avoiding length-1 patterns.
evmlogic-error
Read More
SVM Remediation
Conditional Validation Bypass Remediation
How to ensure security validations execute unconditionally on all paths to critical operations.
svmconditional-validation-bypass
Read More
SVM Remediation
CPI Authority Downgrade Remediation
How to prevent privileged accounts from being delegated to unvalidated programs via cross-program invocations.
svmcpi-authority-downgrade
Read More
SVM Remediation
CPI Return Value Forgery Remediation
How to prevent forged CPI return data from influencing critical program operations.
svmcpi-return-forgery
Read More
SVM Remediation
CPI Signer Simulation Remediation
How to prevent false signer claims in cross-program invocations by validating signer status before CPI calls.
svmcpi-signer-simulation
Read More
SVM Remediation
DeFi Reentrancy Remediation
How to prevent DeFi reentrancy by following the checks-effects-interactions pattern in vault, lending, and staking operations.
svmdefi-reentrancy
Read More
SVM Remediation
Flash Loan Validation Remediation
How to enforce flash loan repayment validation to prevent borrowers from defaulting on loans.
svmflash-loan-validation
Read More
SVM Remediation
Mint Authority Abuse Remediation
How to validate mint authority before token minting operations to prevent unauthorized supply inflation.
svmmint-authority-abuse
Read More
SVM Remediation
PDA Signer Seed Extraction Remediation
How to protect PDA signer seeds from extraction by using domain separation and program-controlled seed components.
svmpda-signer-seed-extraction
Read More
SVM Remediation
SPL Governance Attack Remediation
How to protect governance implementations from flash governance, quorum bypass, and timelock circumvention.
svmspl-governance-attack
Read More
SVM Remediation
Sysvar Account Spoofing Remediation
How to prevent sysvar spoofing by validating account keys or using the Sysvar::get() API.
svmsysvar-account-spoofing
Read More
SVM Remediation
Unchecked Fee/Rent Math Remediation
How to use checked arithmetic in fee and rent calculations to prevent overflow and underflow exploits.
svmunchecked-fee-rent-math
Read More
SVM Remediation
Vault Manipulation Remediation
How to protect DeFi vault state from unauthorized modifications through access control and invariant enforcement.
svmvault-manipulation
Read More
Zero-Knowledge Remediation
Private Input Unchecked Remediation
How to fix unchecked private inputs in Noir by adding assertions that constrain witness values.
zkprivate-input-unchecked
Read More
Zero-Knowledge Remediation
Prover-Controlled Loop Bound Remediation
How to fix prover-controlled loop bounds by using constants, template parameters, or constrained signals.
zkprover-controlled-loop
Read More
Zero-Knowledge Remediation
Unconnected Component Inputs Remediation
How to fix unconnected component inputs by wiring all sub-circuit inputs to parent signals using constraining assignments.
zkunconnected-component
Read More
Zero-Knowledge Remediation
Unconstrained Output Remediation
How to fix unconstrained output signals by adding constraining assignments or explicit constraints.
zkunconstrained-output
Read More
Zero-Knowledge Remediation
Unconstrained Public Input Remediation
How to fix unconstrained public inputs by adding constraints that bind them to the circuit's computation.
zkunconstrained-public-input
Read More
Zero-Knowledge Remediation
Under-Constrained Signal Remediation
How to fix under-constrained signals by adding proper constraints to ensure circuit soundness.
zkunder-constrained
Read More
EVM critical Detector
Arbitrary ERC-20 Transfer
Detects ERC-20 transfer and transferFrom calls where the recipient or amount is user-controlled without access control, enabling token theft.
evmcriticalaccess-controlstatic-analysis
Read More
EVM critical Detector
Arbitrary External Calls
Detects external calls to user-controlled addresses without validation, enabling attackers to redirect execution to malicious contracts.
evmcriticalaccess-controlstatic-analysis
Read More
EVM critical Detector
Arbitrary Jump
Detects JUMP or JUMPI instructions where the destination is derived from user input, enabling control-flow hijacking.
evmcriticalaccess-controlstatic-analysis
Read More
EVM critical Detector
Arbitrary Storage Write
Detects functions that write to storage slots determined by user-controlled input, enabling attackers to overwrite any state variable.
evmcriticalaccess-controlstatic-analysis
Read More
EVM high Detector
Assert Violation
Detects reachable assert() statements that indicate invariant violations and potential logic bugs in smart contracts.
evmhighunchecked-returnstatic-analysis
Read More
EVM high Detector
Bit Shift Overflow
Detects unsafe bit shift operations where the shift amount is user-controlled or exceeds the operand width, causing silent data loss.
evmhighinteger-overflowstatic-analysis
Read More
EVM medium Detector
Calls in Loop
Detects external calls inside loops that can cause denial-of-service when any single call reverts or the loop exceeds the block gas limit.
evmmediumdenial-of-servicestatic-analysis
Read More
EVM critical Detector
Conditional Storage Collision
Detects storage slot collisions in proxy contracts that occur only under specific execution paths or conditions, leading to intermittent state corruption.
evmcriticalstorage-collisionproxy-pattern
Read More
EVM high Detector
Controlled Array Length
Detects unbounded dynamic arrays that can grow without limit, enabling denial-of-service through gas exhaustion on iteration.
evmhighdenial-of-servicestatic-analysis
Read More
EVM high Detector
CREATE2 Collision
Detects CREATE2 deployments where salt values can be predicted or brute-forced, enabling address collision attacks.
evmhighaccess-controlstatic-analysis
Read More
EVM critical Detector
Decimal Mismatch
Detects arithmetic operations that mix values with different decimal precision without normalization, causing massive over- or under-payments.
evmcriticalinteger-overflowstatic-analysis
Read More
EVM low Detector
Default Visibility
Detects functions and state variables with implicit visibility that may unintentionally be public.
evmlowaccess-controlstatic-analysis
Read More
EVM low Detector
Deprecated Functions
Detects usage of deprecated Solidity functions and constructs that may be removed in future compiler versions.
evmlowgas-optimizationstatic-analysis
Read More
EVM critical Detector
Diamond Collision
Detects storage slot collisions between facets in EIP-2535 diamond proxy contracts, where independent facets may unknowingly share storage locations.
evmcriticalstorage-collisionproxy-pattern
Read More
EVM medium Detector
Divide Before Multiply
Detects arithmetic expressions where division precedes multiplication, causing precision loss from integer truncation.
evmmediuminteger-overflowstatic-analysis
Read More
EVM critical Detector
Division by Zero
Detects division and modulo operations where the divisor may be zero, causing transaction reverts that lock funds or enable denial of service.
evmcriticaldenial-of-servicestatic-analysis
Read More
EVM critical Detector
Empty Code Detection
Detects external calls to user-controlled addresses without verifying that the target has deployed code, where silent success masks failed interactions.
evmcriticalunchecked-returnstatic-analysis
Read More
EVM high Detector
ERC-20 Approve Race
Detects ERC-20 approve functions vulnerable to the front-running race condition where a spender can spend both old and new allowances.
evmhighfront-runningstatic-analysis
Read More
EVM critical Detector
EXTCODESIZE Bypass
Detects access control checks using EXTCODESIZE that can be bypassed by calling from a contract's constructor, where code size is zero.
evmcriticalaccess-controlstatic-analysis
Read More
EVM high Detector
Fee-on-Transfer
Detects contracts that assume the received token amount equals the transferred amount, failing to account for fee-on-transfer tokens.
evmhighinteger-overflowstatic-analysis
Read More
EVM low Detector
Floating Pragma
Detects contracts compiled with a floating pragma version that may produce different bytecode across compiler versions.
evmlowgas-optimizationstatic-analysis
Read More
EVM high Detector
Function Selector Collision
Detects functions with colliding 4-byte selectors that can cause incorrect function dispatch or proxy confusion.
evmhighproxy-patternstatic-analysis
Read More
EVM medium Detector
Gas Griefing
Detects external calls that forward insufficient gas or allow callers to specify gas amounts that cause downstream operations to fail.
evmmediumdenial-of-servicestatic-analysis
Read More
EVM medium Detector
Hash Collision
Detects abi.encodePacked usage with multiple dynamic types that can produce hash collisions via data concatenation ambiguity.
evmmediumaccess-controlstatic-analysis
Read More
EVM critical Detector
Immutable Violation
Detects modifications to storage variables that should be immutable, including constructor-set values modified by public functions and view-named functions that write to storage.
evmcriticalaccess-controlstatic-analysis
Read More
EVM medium Detector
Incorrect Comparison
Detects comparison operators that are likely wrong — using = instead of ==, > instead of >=, or comparing incompatible types.
evmmediuminteger-overflowstatic-analysis
Read More
EVM critical Detector
Incorrect Constructor
Detects initialization functions that were intended as constructors but became callable public functions due to naming errors in Solidity 0.4.x contracts.
evmcriticalaccess-controlstatic-analysis
Read More
EVM high Detector
Incorrect Exponent
Detects confusion between the XOR operator (^) and exponentiation (**) in Solidity arithmetic expressions.
evmhighinteger-overflowstatic-analysis
Read More
EVM high Detector
LP Token Inflation
Detects AMM and DEX liquidity pool contracts vulnerable to first-depositor inflation attacks where an attacker manipulates the share price to steal from subsequent depositors.
evmhighinteger-overflowstatic-analysis
Read More
EVM high Detector
MEV Vulnerabilities
Detects transaction ordering dependencies exploitable by miners and MEV searchers, including sandwich attacks, frontrunning, and backrunning patterns.
evmhighfront-runningstatic-analysis
Read More
EVM high Detector
Missing Deadline
Detects DEX and AMM swap operations that lack transaction deadline validation, allowing pending transactions to execute at stale prices.
evmhighfront-runningstatic-analysis
Read More
EVM high Detector
Missing Events
Detects critical state-changing operations that do not emit events, reducing transparency and making off-chain monitoring impossible.
evmhighaccess-controlstatic-analysis
Read More
EVM low Detector
Missing Zero Address Validation
Detects functions that accept address parameters without checking for the zero address, risking permanent fund loss.
evmlowaccess-controlstatic-analysis
Read More
EVM high Detector
msg.value in Loop
Detects msg.value used inside loops where the same ETH value is counted multiple times, enabling fund theft or accounting errors.
evmhighinteger-overflowstatic-analysis
Read More
EVM high Detector
Payable Fallback
Detects contracts with payable fallback or receive functions that accept ETH without proper handling or access control.
evmhighaccess-controlstatic-analysis
Read More
EVM critical Detector
Permit Frontrunning
Detects ERC-2612 permit implementations where nonce mismanagement enables frontrunning attacks on gasless approvals.
evmcriticalfront-runningstatic-analysis
Read More
EVM critical Detector
Rebasing Token
Detects contracts that interact with rebasing tokens (like stETH or AMPL) without accounting for balance changes that occur outside of explicit transfers.
evmcriticalinteger-overflowstatic-analysis
Read More
EVM high Detector
Semantic Reentrancy
Detects reentrancy vulnerabilities arising from semantic state inconsistencies rather than direct balance manipulation.
evmhighreentrancystatic-analysis
Read More
EVM critical Detector
Reserve Manipulation
Detects AMM and DEX contracts vulnerable to reserve manipulation via direct balance inflation, enabling attackers to skew prices or drain liquidity.
evmcriticaloracle-manipulationstatic-analysis
Read More
EVM high Detector
Returnbomb
Detects external calls vulnerable to returnbomb attacks where a malicious callee returns excessive data to cause out-of-gas reverts.
evmhighdenial-of-servicestatic-analysis
Read More
EVM high Detector
RTLO Unicode
Detects right-to-left override Unicode characters used in Trojan Source attacks to disguise malicious code as benign.
evmhighaccess-controlstatic-analysis
Read More
EVM high Detector
Sandwich Attack
Detects DEX swap functions vulnerable to sandwich attacks where missing slippage and deadline protections allow value extraction by MEV searchers.
evmhighfront-runningstatic-analysis
Read More
EVM low Detector
Variable Shadowing
Detects local variables or inherited state variables that shadow declarations in parent contracts, causing confusion about which variable is accessed.
evmlowaccess-controlstatic-analysis
Read More
EVM high Detector
Signature Malleability
Detects ECDSA signature verification that fails to check s-value bounds, v-value validity, or zero-address returns from ecrecover.
evmhighaccess-controlstatic-analysis
Read More
EVM high Detector
Signature Verification
Detects improper ECDSA signature verification patterns including missing checks, incorrect hash construction, and unsafe recovery.
evmhighaccess-controlstatic-analysis
Read More
EVM critical Detector
Storage Layout Versioning
Detects storage layout changes during proxy upgrades that could corrupt existing state, including reordered variables and changed types.
evmcriticalstorage-collisionproxy-pattern
Read More
EVM medium Detector
Tautological Compare
Detects comparisons that are always true or always false due to type constraints, rendering conditional logic dead.
evmmediuminteger-overflowstatic-analysis
Read More
EVM critical Detector
Token Hook Reentrancy
Detects reentrancy through ERC-777, ERC-1155, and ERC-4626 token callback hooks where state updates occur after hook-triggering transfers.
evmcriticalreentrancystatic-analysis
Read More
EVM critical Detector
Unchecked Call Target
Detects external calls where the target address is user-controlled and not validated against known-safe addresses, enabling call redirection attacks.
evmcriticalaccess-controlstatic-analysis
Read More
EVM medium Detector
Unchecked ERC-20
Detects ERC-20 token operations whose boolean return values are not checked, allowing silent transfer failures.
evmmediumunchecked-returnstatic-analysis
Read More
EVM high Detector
Uninitialized Storage
Detects storage variables and struct pointers used before initialization, where default zero values may cause unexpected behavior.
evmhighaccess-controlstatic-analysis
Read More
EVM critical Detector
Unprotected Ether Withdrawal
Detects functions that transfer Ether without verifying the caller's authorization, allowing anyone to drain the contract's ETH balance.
evmcriticalaccess-controlstatic-analysis
Read More
EVM high Detector
Unsafe Callback
Detects external callback hooks that execute untrusted code without proper validation, gas limits, or reentrancy protection.
evmhighreentrancystatic-analysis
Read More
EVM critical Detector
Unsafe Delegatecall
Detects delegatecall operations where the target address is user-controlled or loaded from storage without authorization, enabling complete contract takeover.
evmcriticalaccess-controlstatic-analysis
Read More
EVM high Detector
Unsafe Downcasting
Detects type casts that silently truncate values when converting from a larger to a smaller integer type.
evmhighinteger-overflowstatic-analysis
Read More
EVM critical Detector
Vault Rounding
Detects rounding direction errors in ERC-4626 vault share calculations that allow attackers to extract value through precision manipulation.
evmcriticalinteger-overflowstatic-analysis
Read More
EVM medium Detector
Write After Write
Detects redundant storage writes where a variable is written twice without an intervening read, wasting gas and potentially indicating logic errors.
evmmediumgas-optimizationstatic-analysis
Read More
SVM high Detector
Account Type Confusion
Detects accounts used in conflicting roles or deserialized as the wrong type, enabling attackers to substitute one account type for another.
svmhightype-cosplaystatic-analysis
Read More
SVM high Detector
Anchor Constraint Bypass
Detects missing or incomplete Anchor account constraint validation that could allow unauthorized account substitution.
svmhighaccount-validationstatic-analysis
Read More
SVM critical Detector
Clock Account Spoofing
Detects programs that read time data from unvalidated accounts instead of the canonical Clock sysvar, enabling timestamp manipulation.
svmcriticalaccount-validationstatic-analysis
Read More
SVM high Detector
Input Validation
Detects missing validation of user-controlled inputs including instruction parameters, account data fields, and system call results in Solana programs.
svmhighaccount-validationstatic-analysis
Read More
SVM critical Detector
PDA Seed Collision
Detects PDA derivations with weak seed patterns that could collide with other PDAs or system addresses, enabling account hijacking.
svmcriticalpda-validationstatic-analysis
Read More
SVM high Detector
Read-Only Reentrancy
Detects potential read-only reentrancy through CPI calls where a callee reads stale state from the caller during a callback.
svmhighreentrancystatic-analysis
Read More
EVM Remediation
Remediating Arbitrary External Calls
How to prevent external calls to user-controlled addresses by validating targets against whitelists.
evmaccess-control
Read More
EVM Remediation
Remediating Decimal Mismatch
How to normalize token decimal precision before arithmetic to prevent over/under-payment vulnerabilities.
evminteger-overflow
Read More
EVM Remediation
Remediating Immutable Violation
How to enforce immutability of constructor-set variables using the immutable keyword and initialization guards.
evmaccess-control
Read More
EVM Remediation
Remediating Token Hook Reentrancy
How to prevent reentrancy through ERC-777, ERC-1155, and ERC-4626 callback hooks using the CEI pattern and reentrancy guards.
evmreentrancy
Read More
SVM Remediation
Remediating Input Validation
How to validate user-controlled instruction data and account fields in Solana programs.
svmaccount-validation
Read More
EVM Remediation
Validator/Relayer Compromise Remediation
How to harden bridge validator and relayer infrastructure against compromise through high consensus thresholds, hardware key management, validator diversity, rotation schedules, and fraud proof challenge windows.
evmaccess-control
Read More
SVM Remediation
Missing Rent Check Remediation
How to verify rent exemption when creating or modifying Solana accounts to prevent garbage collection of program-owned accounts.
svmaccount-validation
Read More
EVM Remediation
Cross-Chain Oracle Inconsistency Remediation
How to eliminate cross-chain oracle vulnerabilities by adding L2 sequencer uptime checks, grace period enforcement, and cross-source price deviation validation before reading any Chainlink price feed on L2 networks.
evmoracle-manipulation
Read More
EVM Remediation
Cross-Chain Balance Inconsistency Remediation
How to eliminate cross-chain bridge balance vulnerabilities by implementing proof deduplication, deep finality requirements, Merkle proof verification, and the lock-and-mint pattern.
evmaccess-control
Read More
EVM Remediation
Bridge Message Remediation
How to secure cross-chain bridge message processing by implementing nonce-based replay protection, chain ID binding, explicit state initialization, and validator threshold requirements.
evmaccess-control
Read More
SVM Remediation
Deserialization Attack Remediation
How to safely deserialize Solana account data by validating discriminators, checking program ownership, and using Anchor's typed account system.
svmtype-cosplayaccount-validation
Read More
EVM Remediation
Timestamp-Based External Triggers Remediation
How to eliminate cross-chain timestamp coordination vulnerabilities by replacing exact timestamp matching with nonce-based identifiers and time-window validation that tolerates clock drift and miner manipulation.
evmfront-running
Read More
EVM Remediation
API/Off-Chain Data Remediation
How to secure contracts that consume off-chain data by requiring cryptographic signatures, freshness timestamps, and multiple independent sources to prevent data injection and replay attacks.
evmoracle-manipulation
Read More
EVM Remediation
Requirement Violations Remediation
How to eliminate requirement violation vulnerabilities by correcting comparison operators, adding missing input validation guards, replacing assert with require for user-facing checks, and upgrading to Solidity 0.8.0 for built-in overflow protection.
evmaccess-control
Read More
EVM Remediation
Centralization Risks Remediation
How to reduce centralization risk through timelocks, multi-signature wallets, on-chain governance, and hard-coded parameter caps that protect users from compromised or malicious admins.
evmaccess-control
Read More
EVM Remediation
Governance Attack Remediation
How to protect DAO governance systems against flash loan vote acquisition, low quorum exploitation, and timelock bypass using voting snapshots, mandatory delays, and flash loan-resistant token designs.
evmaccess-controlflash-loan
Read More
SVM Remediation
Arithmetic Overflow Remediation
How to prevent integer overflow and underflow in Solana programs by replacing unchecked arithmetic with checked methods and safe intermediate widening.
svminteger-overflow
Read More
EVM critical Attack Pattern
Access Control Bypass
How attackers exploit missing or improper access restrictions on critical functions — responsible for over $1.3 billion in DeFi losses including the largest hack in history.
evmcriticalaccess-controlauthorization
Read More
EVM critical Attack Pattern
Bridge Message Manipulation
How attackers forge, replay, or bypass cross-chain bridge messages to mint unauthorized assets — responsible for over $1.2 billion in losses across the bridge ecosystem.
evmcriticalbridgecross-chain
Read More
EVM high Attack Pattern
Flash Loan Attack
How attackers use uncollateralized flash loans to manipulate prices, exploit protocol logic, and drain funds within a single transaction.
evmhighflash-loandefi
Read More
EVM critical Attack Pattern
Oracle Manipulation
How attackers manipulate price oracles to exploit lending protocols, inflate collateral, and drain DeFi platforms — the most costly attack class in DeFi history.
evmcriticaloracleprice-manipulation
Read More
EVM critical Attack Pattern
Reentrancy Attack
How attackers exploit external calls that execute before state updates to recursively drain funds from smart contracts.
evmcriticalreentrancystate-management
Read More
SVM Remediation
Account Type Confusion Remediation
How to validate account discriminators and use Anchor's typed account system to prevent attackers from substituting accounts of the wrong type.
svmtype-cosplayaccount-validation
Read More
EVM Remediation
Unchecked ERC20 Operations Remediation
How to safely handle ERC20 token transfers by using SafeERC20.safeTransfer, accounting for fee-on-transfer tokens, and avoiding the token approve-transferFrom race condition.
evmunchecked-return
Read More
EVM Remediation
Price Deviation Remediation
How to protect protocols from extreme price movements and flash loan manipulation using deviation bounds, TWAP comparison, circuit breakers, and absolute price range constraints.
evmoracle-manipulation
Read More
EVM Remediation
Single Oracle Dependency Remediation
How to eliminate single oracle dependency by implementing multi-source price architectures, cross-validation, and circuit breakers that keep protocols functioning when any individual feed fails.
evmoracle-manipulation
Read More
EVM Remediation
Stale Oracle Data Remediation
How to eliminate stale Chainlink oracle vulnerabilities by validating all latestRoundData return fields, enforcing heartbeat-based freshness thresholds, and adding L2 sequencer uptime checks.
evmoracle-manipulation
Read More
EVM Remediation
Oracle Failure Remediation
How to harden contracts against oracle failure modes — zero prices, extreme values, and feed unavailability — using input validation, bounds checking, fallback oracles, and circuit breakers.
evmoracle-manipulation
Read More
EVM Remediation
Arbitrary Storage Write Remediation
How to eliminate arbitrary storage write vulnerabilities by removing user-controlled assembly SSTORE operations, using Solidity mappings, and enforcing slot allowlists for unavoidable inline assembly.
evmstorage-collisionaccess-control
Read More
EVM Remediation
Signature Malleability Remediation
How to prevent ECDSA signature malleability attacks by enforcing EIP-2 low-s values and tracking message hashes as nonces instead of signature hashes.
evmaccess-control
Read More
EVM Remediation
ERC20 Violations Remediation
How to eliminate ERC20 integration vulnerabilities by using SafeERC20 for all token operations, measuring actual received amounts for fee-on-transfer tokens, and handling non-standard token behaviors such as missing return values and rebase mechanics.
evmunchecked-return
Read More
EVM Remediation
Uninitialized Storage Pointer Remediation
How to eliminate uninitialized storage pointer vulnerabilities by upgrading to Solidity 0.5.0+ and always assigning storage references to explicit mapping or array slots.
evmstorage-collision
Read More
EVM Remediation
Default Visibility Remediation
How to eliminate default visibility vulnerabilities by always specifying explicit visibility modifiers on all functions and state variables, and upgrading to Solidity 0.5.0+ which enforces this at compile time.
evmaccess-control
Read More
EVM Remediation
Timestamp Manipulation Remediation
How to eliminate block.timestamp dependency vulnerabilities by replacing miner-manipulable timestamp randomness and time-locks with Chainlink VRF and block-number-based logic.
evmfront-running
Read More
SVM Remediation
Weak Randomness Remediation (Solana)
How to eliminate weak randomness vulnerabilities in Solana programs by replacing predictable on-chain entropy sources with Verifiable Random Functions (VRF) or commit-reveal schemes.
svmstatic-analysis
Read More
SVM high Detector
Weak Randomness
Detects Solana programs that derive randomness from predictable on-chain sources such as clock timestamps, slot numbers, or account hashes.
svmhighaccess-controlstatic-analysis
Read More
SVM Remediation
Oracle Manipulation Remediation (Solana)
How to defend Solana DeFi programs against oracle price manipulation through account ownership verification, staleness checks, confidence interval validation, and multi-oracle aggregation.
svmstatic-analysisdata-flow
Read More
SVM critical Detector
Oracle Manipulation
Detects Solana programs that rely on unvalidated or manipulable price oracle data, enabling attackers to trigger liquidations, drain vaults, or manipulate DeFi calculations.
svmcriticaloracle-manipulationstatic-analysis
Read More
SVM Remediation
Signature Replay Remediation (SVM)
How to prevent signature replay in Solana programs by including a nonce and deadline in the signed message and incrementing the nonce after each successful verification.
svmaccess-control
Read More
SVM high Detector
Signature Replay
Detects signature verification without nonce or deadline replay protection, allowing valid signatures to be reused across multiple transactions.
svmhighaccess-controlstatic-analysis
Read More
SVM Remediation
Remediating Remaining Accounts Injection
How to safely use ctx.remaining_accounts by validating account ownership, type discriminators, and writability before any privileged operations.
svmaccount-validationaccess-control
Read More
SVM high Detector
Remaining Accounts Injection
Detects use of ctx.remaining_accounts in privileged operations without ownership and discriminator validation, allowing attackers to inject malicious accounts that bypass Anchor's type system.
svmhighaccount-validationaccess-control
Read More
SVM Remediation
Remediating Account Alias Attacks
How to prevent account role confusion by explicitly validating that accounts in distinct roles have distinct addresses.
svmaccount-validationaccess-control
Read More
SVM high Detector
Account Alias Attack (Role Confusion)
Detects when the same account is passed in multiple positions with incompatible role requirements, enabling an attacker to bypass security checks through role confusion.
svmhighaccount-validationaccess-control
Read More
EVM Remediation
Remediating Bridge Security Vulnerabilities
How to protect cross-chain bridge implementations against missing message verification, replay attacks, unauthorized relay, and protocol-specific LayerZero, Axelar, and Hyperlane integration errors.
evmaccess-controlcontrol-flow
Read More
SVM Remediation
Remediating Authority Chain Validation
How to ensure that delegated PDA signing authority is verified at each hop in a multi-step CPI chain, preventing intermediate programs from abusing implicitly inherited authority.
svmaccess-controlcontrol-flow
Read More
EVM high Detector
Bridge Security Vulnerabilities
Detects vulnerabilities in cross-chain bridge implementations including missing message verification, replay attack exposure, unauthorized relay functions, weak finality assumptions, and protocol-specific issues in LayerZero, Axelar, and Hyperlane integrations.
evmhighaccess-controlstatic-analysis
Read More
SVM high Detector
Authority Chain Validation
Detects multi-hop CPI authority chains where delegated signing authority is not validated at each intermediate hop, allowing an attacker to abuse implicitly inherited authority from a PDA signer.
svmhighaccess-controlstatic-analysis
Read More
EVM Remediation
Remediating Business Logic Errors
How to identify and fix business logic errors by enforcing protocol invariants, correctly ordering state updates, and validating edge cases.
evmaccess-controldata-flow
Read More
SVM Remediation
Remediating CPI Program ID Validation
How to ensure Cross-Program Invocations target the intended program by validating program account keys before invocation.
svmaccess-controldata-flow
Read More
EVM critical Detector
Business Logic Error
Detects violations of protocol-specific invariants — conditions that must always hold true for the protocol to operate correctly — including incorrect reward calculations, fee logic, and state transition rules.
evmcriticalaccess-controlstatic-analysis
Read More
SVM high Detector
CPI Program ID Validation
Detects Cross-Program Invocations where the target program account key is not verified against the expected program ID, allowing an attacker to substitute a malicious program that accepts the same instruction format.
svmhighaccess-controlstatic-analysis
Read More
EVM Remediation
Remediating Uninitialized UUPS Proxy
How to protect UUPS proxy implementations from front-running attacks by disabling initializers on the implementation contract.
evmproxy-patternaccess-control
Read More
SVM Remediation
Lamport Drain Remediation
How to prevent unauthorized SOL transfers by validating signer authorization and stored authority before any lamport modification.
svmaccess-control
Read More
EVM critical Detector
Uninitialized UUPS Proxy
Detects UUPS upgradeable proxy contracts where the implementation contract is deployed without calling the initializer, leaving the proxy's ownership and upgrade authority unset.
evmcriticalproxy-patternaccess-control
Read More
SVM critical Detector
Lamport Drain
Detects unauthorized lamport transfers where an account's SOL balance is transferred without proper signer, key, or owner authorization checks.
svmcriticalaccess-controlstatic-analysis
Read More
EVM Remediation
Remediating Vault Inflation Attacks
How to protect ERC-4626 vaults from first-depositor share price inflation attacks using virtual shares, dead share seeding, or minimum deposit requirements.
evminteger-overflowdata-flow
Read More
SVM Remediation
Duplicate Mutable Accounts Remediation
How to prevent duplicate mutable account aliasing in Solana programs by adding key equality constraints and explicit address comparisons.
svmaccount-validation
Read More
EVM high Detector
Vault Inflation Attack (ERC-4626 First Depositor)
Detects ERC-4626 tokenized vault implementations that are vulnerable to the first-depositor share price inflation attack, where an attacker manipulates the share price to cause subsequent depositors to receive zero shares.
evmhighinteger-overflowstatic-analysis
Read More
SVM medium Detector
Duplicate Mutable Accounts
Detects when the same account is passed at multiple positions in an instruction where both references are mutable, creating aliasing bugs and undefined behavior.
svmmediumaccount-validationstatic-analysis
Read More
EVM Remediation
Remediating Reward and Incentive Manipulation
How to protect staking and yield farming contracts against flash loan pool manipulation, timestamp gaming, and division-before-multiplication precision loss.
evmoracle-manipulationdata-flow
Read More
SVM Remediation
CPI Reentrancy Remediation
How to prevent Cross-Program Invocation reentrancy by applying the check-effects-interactions pattern and using CPI guards in Solana programs.
svmarbitrary-cpiaccess-control
Read More
EVM critical Detector
Reward and Incentive Manipulation
Detects vulnerabilities in staking, yield farming, and reward distribution functions that allow attackers to inflate reward claims through flash loans, timestamp manipulation, or division-before-multiplication precision loss.
evmcriticaloracle-manipulationstatic-analysis
Read More
SVM high Detector
CPI Reentrancy
Detects Solana programs that modify state after making a cross-program invocation, allowing the called program to invoke back before the state update completes.
svmhighreentrancystatic-analysis
Read More
EVM Remediation
Remediating Governance Attacks
How to protect DAO governance mechanisms against flash loan voting, timelock bypass, quorum manipulation, and treasury drain attacks.
evmaccess-controlcontrol-flow
Read More
SVM Remediation
Close Account Drain Remediation
How to safely close Solana accounts by zeroing data, verifying authority, and using Anchor's close constraint to prevent rent lamport theft.
svmaccess-control
Read More
EVM high Detector
Governance Attacks
Detects vulnerabilities in DAO governance mechanisms including flash loan-based voting, timelock bypass, quorum manipulation, delegation exploits, treasury drain, and emergency action abuse.
evmhighaccess-controlstatic-analysis
Read More
SVM critical Detector
Close Account Drain
Detects account closure patterns that leave residual lamports accessible to the program or allow the account to be drained without proper authorization.
svmcriticalaccess-controlstatic-analysis
Read More
EVM Remediation
Cross-Function Reentrancy Remediation
How to prevent cross-function reentrancy by applying the Checks-Effects-Interactions pattern and reentrancy guards to all functions sharing the same state.
evmreentrancy
Read More
SVM Remediation
Bump Seed Canonicalization Remediation
How to ensure PDA derivation uses the canonical bump seed from find_program_address rather than create_program_address with an attacker-supplied bump.
svmpda-validationaccount-validation
Read More
EVM critical Detector
Cross-Function Reentrancy
Detects reentrancy attacks that exploit multiple functions sharing the same state, where an attacker re-enters a different function before the original call completes its state updates.
evmcriticalreentrancystatic-analysis
Read More
SVM high Detector
Bump Seed Canonicalization
Detects PDA operations using potentially non-canonical bump seeds via create_program_address, which can enable PDA collision and address confusion attacks.
svmhighpda-validationaccount-validation
Read More
EVM Remediation
Remediating Read-Only Reentrancy
How to prevent read-only reentrancy by ensuring state is consistent before external calls and protecting price-reading functions from mid-execution observations.
evmreentrancycontrol-flow
Read More
SVM Remediation
Account Reinitialization Remediation
How to prevent account reinitialization attacks by adding an initialization guard that checks the discriminator or an explicit initialized flag before overwriting account state.
svmaccount-validation
Read More
EVM critical Detector
Read-Only Reentrancy
Detects view functions that read shared state mid-execution of a mutating call, allowing attackers to observe and exploit inconsistent intermediate state without modifying it.
evmcriticalreentrancystatic-analysis
Read More
SVM medium Detector
Account Reinitialization
Detects account data writes that lack a prior initialization check, allowing attackers to reset account state or overwrite existing data.
svmmediumaccount-validationstatic-analysis
Read More
EVM Remediation
Remediating Chainlink Stale Price Feed
How to validate Chainlink oracle data freshness by checking the updatedAt timestamp, answer validity, and round completeness before consuming price data.
evmoracle-manipulationdata-flow
Read More
SVM Remediation
Type Cosplay Remediation
How to prevent type cosplay attacks by validating the account discriminator before deserializing account data.
svmtype-cosplayaccount-validation
Read More
EVM high Detector
Chainlink Stale Price Feed
Detects contracts that consume Chainlink oracle data without verifying that the price is recent, allowing protocols to operate on outdated prices during network disruptions.
evmhighoracle-manipulationstatic-analysis
Read More
SVM high Detector
Type Cosplay (Discriminator Spoofing)
Detects account data deserialization that reads past the discriminator prefix without first validating it, allowing attackers to pass accounts of a different type.
svmhightype-cosplayaccount-validation
Read More
EVM Remediation
Slippage Validation Remediation
How to add slippage protection to DEX swap operations by exposing minimum output parameters and bounded deadlines to callers.
evmfront-running
Read More
SVM Remediation
Integer Overflow Remediation (SVM)
How to prevent integer overflow and underflow in Solana programs by using checked arithmetic methods and the Anchor checked_math! macro.
svminteger-overflow
Read More
EVM critical Detector
Slippage Validation
Detects missing or insufficient slippage protection in DEX swap and liquidity operations, allowing MEV bots and sandwich attackers to extract value from transactions.
evmcriticalfront-runningstatic-analysis
Read More
SVM high Detector
Integer Overflow (SVM)
Detects unchecked arithmetic operations on user-controlled values in Solana programs that may overflow or underflow, enabling fund manipulation.
svmhighinteger-overflowstatic-analysis
Read More
SVM high Detector
Integer Overflow / Underflow (Solana)
Detects arithmetic operations in Solana programs that can overflow or underflow, producing wrapped values that corrupt financial state.
svmhighinteger-overflowstatic-analysis
Read More
EVM Remediation
Signature Replay Remediation
How to prevent signature replay attacks by binding signed messages to a nonce, deadline, chain ID, and contract address using EIP-712.
evmaccess-control
Read More
SVM Remediation
PDA Manipulation Remediation
How to prevent PDA substitution attacks by using canonical bumps, storing bump seeds, and verifying PDA derivation with Anchor's seeds constraint.
svmpda-validation
Read More
EVM medium Detector
Signature Replay
Detects signature verification without chain ID, contract address, nonce, or deadline binding, allowing valid signatures to be reused across transactions, chains, or contracts.
evmmediumaccess-controlstatic-analysis
Read More
SVM high Detector
PDA Validation
Detects Program Derived Addresses that are used without verifying their seeds and bump, allowing attackers to substitute counterfeit PDAs.
svmhighpda-validationaccount-validation
Read More
EVM Remediation
Front-Running Remediation
How to reduce front-running exposure through commit-reveal schemes, slippage protection, and transaction batching.
evmfront-running
Read More
SVM Remediation
Arbitrary CPI Remediation
How to validate cross-program invocation targets to prevent attackers from redirecting CPI calls to malicious programs.
svmarbitrary-cpiaccess-control
Read More
EVM medium Detector
Front-Running
Detects transactions where the outcome depends on call ordering, enabling miners or other users to manipulate execution order for profit.
evmmediumfront-runningstatic-analysis
Read More
SVM critical Detector
Arbitrary Cross-Program Invocation
Detects cross-program invocations (CPI) where the target program ID is user-controlled and not validated, allowing attackers to redirect calls to malicious programs.
svmcriticalarbitrary-cpiaccess-control
Read More
EVM Remediation
Oracle Manipulation Remediation
How to eliminate oracle manipulation vulnerabilities by replacing spot prices with time-weighted averages and using decentralized oracle networks.
evmoracle-manipulation
Read More
SVM Remediation
Missing Writable Check Remediation
How to add is_writable validation before account modifications in Solana native programs and use Anchor's #[account(mut)] constraint.
svmaccount-validation
Read More
EVM high Detector
Oracle Manipulation
Detects smart contracts that rely on manipulable on-chain price sources, such as DEX spot prices or single-source price feeds, without time-weighted averaging.
evmhighoracle-manipulationstatic-analysis
Read More
SVM critical Detector
Missing Writable Check
Detects account modifications performed without verifying the is_writable flag, allowing read-only accounts to be silently corrupted or causing runtime errors.
svmcriticalaccount-validationstatic-analysis
Read More
EVM Remediation
Flash Loan Attack Vector Remediation
How to eliminate flash loan attack surfaces by replacing manipulable spot prices with time-weighted average prices and adding sanity bounds on price inputs.
evmflash-loanoracle-manipulation
Read More
SVM Remediation
Missing Owner Check Remediation
How to add proper account ownership validation in Solana programs to prevent unauthorized access via accounts owned by other programs.
svmaccount-validationaccess-control
Read More
EVM high Detector
Flash Loan Attack Vector
Detects protocol patterns that are susceptible to flash loan price manipulation — specifically, reliance on on-chain spot prices that can be manipulated within a single transaction.
evmhighflash-loanoracle-manipulation
Read More
SVM critical Detector
Missing Owner Check
Detects account data reads where the account's program owner is not verified, allowing attackers to pass maliciously crafted accounts with arbitrary data.
svmcriticalaccount-validationaccess-control
Read More
EVM Remediation
Precision Errors Remediation
How to eliminate precision loss in Solidity financial calculations by reordering operations, using scaling factors, and applying explicit rounding direction.
evminteger-overflow
Read More
SVM Remediation
Missing Signer Check Remediation
How to add proper signer verification before privileged operations in Solana programs using both native and Anchor approaches.
svmmissing-signer-checkaccess-control
Read More
EVM critical Detector
Precision Errors
Detects division-before-multiplication and rounding errors in financial calculations that cause systematic fund loss or enable economic attacks through precision manipulation.
evmcriticalinteger-overflowstatic-analysis
Read More
SVM critical Detector
Missing Signer Check
Detects privileged operations — lamport transfers and account data writes — performed without verifying that the involved account has signed the transaction.
svmcriticalmissing-signer-checkaccess-control
Read More
EVM Remediation
Storage Collision Remediation
How to prevent proxy storage collisions by using EIP-1967 unstructured storage slots for all proxy administrative variables.
evmstorage-collisionproxy-pattern
Read More
EVM critical Detector
Storage Collision
Detects proxy storage layout collisions where the implementation contract's variables overlap with the proxy contract's administrative slots, enabling state corruption and privilege escalation.
evmcriticalstorage-collisionproxy-pattern
Read More
EVM Remediation
Unchecked Subtraction Remediation
How to prevent integer underflow in Solidity by using Solidity 0.8+ default arithmetic, adding explicit balance checks before subtraction, and using SafeMath in legacy contracts.
evminteger-overflow
Read More
EVM critical Detector
Unchecked Subtraction
Detects subtraction operations without underflow protection that can wrap around to a large value, bypassing balance checks and enabling fund theft.
evmcriticalinteger-overflowstatic-analysis
Read More
EVM Remediation
Input Validation Remediation
How to properly validate user-supplied inputs in smart contracts to prevent arbitrary fund routing, unbounded operations, and zero-address vulnerabilities.
evmaccess-controlcritical
Read More
EVM critical Detector
Missing Input Validation
Detects functions that accept user-supplied parameters and use them in sensitive operations without sufficient bounds checking, type validation, or access control enforcement.
evmcriticalaccess-controlstatic-analysis
Read More
EVM Remediation
Weak Randomness Remediation
How to replace predictable on-chain entropy sources with verifiable off-chain randomness from Chainlink VRF or commit-reveal schemes.
evmaccess-control
Read More
EVM high Detector
Weak Randomness
Detects use of predictable on-chain values — blockhash, block.timestamp, block.prevrandao — as sources of randomness, which miners or validators can manipulate.
evmhighaccess-controlstatic-analysis
Read More
EVM Remediation
Timestamp Dependence Remediation
How to eliminate exploitable timestamp dependence by replacing block.timestamp with block numbers, commit-reveal schemes, or off-chain randomness.
evmfront-running
Read More
EVM medium Detector
Timestamp Dependence
Detects reliance on block.timestamp for time-sensitive logic where validator manipulation of the timestamp by up to ~15 seconds can influence outcomes.
evmmediumfront-runningstatic-analysis
Read More
EVM Remediation
Denial of Service Remediation
How to eliminate denial-of-service vulnerabilities by replacing push-based ETH distribution with pull withdrawal patterns and adding maximum batch sizes and pagination to prevent unbounded loop gas exhaustion.
evmdenial-of-service
Read More
EVM Remediation
Denial of Service Remediation
How to prevent DoS vulnerabilities in Solidity by replacing push-payment patterns with pull payments and bounding loop iterations.
evmdenial-of-service
Read More
EVM high Detector
Denial of Service
Detects patterns that allow attackers to permanently block contract execution, including unbounded loops, push-payment patterns, and external call failures in critical paths.
evmhighdenial-of-servicestatic-analysis
Read More
EVM Remediation
Selfdestruct Remediation
How to eliminate selfdestruct vulnerabilities by replacing balance-dependent invariants with internal accounting, protecting library contracts from direct initialisation, and avoiding the SELFDESTRUCT opcode entirely.
evmdenial-of-service
Read More
EVM high Detector
Selfdestruct Usage
Detects use of the selfdestruct opcode, which can permanently destroy a contract and forcibly send its Ether balance to an arbitrary address.
evmhighaccess-controlstatic-analysis
Read More
EVM Remediation
Delegatecall Remediation
How to safely use delegatecall in proxy patterns by validating the target address and using EIP-1967 storage slots to prevent storage collisions.
evmaccess-controlproxy-pattern
Read More
EVM critical Detector
Dangerous Delegatecall
Detects delegatecall patterns where user-controlled input can specify the target address or data, potentially redirecting execution to a malicious contract.
evmcriticalaccess-controlproxy-pattern
Read More
EVM Remediation
tx.origin Authentication Remediation
How to eliminate tx.origin authentication vulnerabilities by replacing all tx.origin identity checks with msg.sender, which correctly identifies the immediate caller and is not vulnerable to phishing via intermediary contracts.
evmaccess-control
Read More
EVM high Detector
tx.origin Authentication
Detects use of tx.origin for authentication or access control, which allows phishing attacks to bypass authorization checks.
evmhighaccess-controlstatic-analysis
Read More
EVM Remediation
Unchecked Call Remediation
How to safely handle external call return values in Solidity to prevent silent failures from ignored CALL, SEND, and low-level call results.
evmunchecked-return
Read More
EVM critical Detector
Unchecked External Call Return Value
Detects external calls whose boolean return value is not checked, allowing silent failures that leave the contract in an inconsistent state.
evmcriticalunchecked-returnstatic-analysis
Read More
EVM Remediation
Access Control Remediation
How to implement proper access controls on privileged functions using ownership patterns, role-based access, and multi-signature authorization.
evmaccess-control
Read More
EVM critical Detector
Access Control
Detects missing or improperly implemented access controls on privileged functions, allowing unauthorized callers to execute restricted operations.
evmcriticalaccess-controlstatic-analysis
Read More
EVM Remediation
Integer Overflow Remediation
How to eliminate integer overflow and underflow vulnerabilities in Solidity by using Solidity 0.8+ checked arithmetic and safe unchecked block practices.
evminteger-overflow
Read More
EVM high Detector
Integer Overflow
Detects arithmetic operations that may overflow or underflow, producing incorrect values that can lead to fund theft or unexpected behavior.
evmhighinteger-overflowstatic-analysis
Read More
EVM Remediation
Reentrancy Remediation
How to eliminate reentrancy vulnerabilities by applying the Checks-Effects-Interactions pattern and using reentrancy guards.
evmreentrancy
Read More
EVM critical Detector
Reentrancy
Detects functions that transfer Ether or call external contracts before completing state updates, allowing attackers to recursively re-enter and drain funds.
evmcriticalreentrancystatic-analysis
Read More
SVM Exploit
CPI Reentrancy Exploit Generator
Sigvex exploit generator that validates Cross-Program Invocation (CPI) reentrancy vulnerabilities in Solana programs by simulating a malicious program that re-enters the victim program during a CPI callback before state is updated.
svmcpi-reentrancyexploit-generator
Read More
EVM Exploit
Signature Malleability Exploit Generator
Sigvex exploit generator that validates ECDSA signature malleability vulnerabilities by computing the alternative valid s value and confirming that both signatures recover to the same address.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Signature Replay Exploit Generator
Sigvex exploit generator that validates missing replay protection in meta-transaction and permit functions by testing same-chain, cross-chain, and cross-contract replay scenarios.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Governance Attack Exploit Generator
Sigvex exploit generator that validates DAO governance vulnerabilities by simulating flash loan vote acquisition, insufficient quorum scenarios, and timelock bypass.
evmaccess-controlflash-loanexploit-generator
Read More
EVM Exploit
Bridge Message Manipulation Exploit Generator
Sigvex exploit generator that validates cross-chain bridge vulnerabilities including message replay, cross-chain replay, and Nomad-style uninitialized state exploitation.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Cross-Chain Balance Inconsistency Exploit Generator
Sigvex exploit generator that validates cross-chain bridge balance inconsistency vulnerabilities including replay attacks, non-atomic operations, weak proof verification, and finality exploits that allow token supply inflation on the destination chain.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Validator/Relayer Compromise Exploit Generator
Sigvex exploit generator that validates bridge validator and relayer compromise vulnerabilities including low M-of-N thresholds, key management failures, centralized relayers, and missing validator rotation — with the Ronin Bridge ($625M) as the canonical attack scenario.
evmaccess-controlexploit-generator
Read More
SVM Exploit
Account Type Confusion Exploit Generator
Sigvex exploit generator that validates account type confusion vulnerabilities in Solana programs by simulating an attack that passes a wrong account type to an instruction, bypassing type-based access controls.
svmaccount-type-confusionexploit-generator
Read More
SVM Exploit
Close Account Drain Exploit Generator
Sigvex exploit generator that validates close account drain vulnerabilities in Solana programs where accounts are improperly closed, allowing an attacker to steal the rent lamports or reuse the account after closure.
svmclose-account-drainexploit-generator
Read More
SVM Exploit
Deserialization Attack Exploit Generator
Sigvex exploit generator that validates unsafe deserialization vulnerabilities in Solana programs where crafted account data causes incorrect state interpretation, type confusion, or panic in the deserialization layer.
svmdeserialization-attackexploit-generator
Read More
SVM Exploit
Missing Rent Check Exploit Generator
Sigvex exploit generator that validates missing rent-exempt check vulnerabilities in Solana programs where accounts with insufficient lamport balances may be garbage-collected by the runtime, causing unexpected program failures.
svmmissing-rent-checkexploit-generator
Read More
SVM Exploit
PDA Manipulation Exploit Generator
Sigvex exploit generator that validates PDA (Program Derived Address) manipulation vulnerabilities in Solana programs by simulating an attack that passes a fake PDA to bypass program authority validation.
svmpda-manipulationexploit-generator
Read More
SVM Exploit
Lamport Drain Exploit Generator
Sigvex exploit generator that validates lamport drain vulnerabilities in Solana programs by simulating an attack that drains all lamports from an account the program fails to adequately protect, with impact reported as potential SOL loss.
svmlamport-drainexploit-generator
Read More
SVM Exploit
Missing Signer Check Exploit Generator
Sigvex exploit generator that validates missing signer check vulnerabilities in Solana programs by simulating instruction execution without required signatures, confirming unauthorized access to protected program logic.
svmmissing-signer-checkexploit-generator
Read More
SVM Exploit
SVM Program Fuzzing Framework
Sigvex coverage-guided Solana program fuzzing framework with instruction-aware input generation, account state fuzzing, CPI simulation, invariant checking, and crash detection for Solana-specific vulnerability classes.
svmexploit-generator
Read More
EVM Exploit
API/Off-Chain Data Manipulation Exploit Generator
Sigvex exploit generator that validates off-chain data trust vulnerabilities where contracts accept external API data without signature verification, freshness checks, or redundancy — enabling data injection, replay attacks, and single-point-of-failure exploits.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Cross-Chain Oracle Inconsistency Exploit Generator
Sigvex exploit generator that validates cross-chain oracle inconsistency vulnerabilities including L2 sequencer downtime, oracle price lag between chains, and missing Chainlink sequencer uptime feed checks.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Oracle Failure Exploit Generator
Sigvex exploit generator that validates oracle failure vulnerabilities by testing contract behavior when price feeds return zero, extreme, or unavailable values.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Oracle Manipulation Exploit Generator
Sigvex exploit generator that validates spot-price oracle manipulation by comparing contract execution under normal vs. artificially imbalanced DEX reserve configurations.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Price Deviation Exploit Generator
Sigvex exploit generator that validates price deviation vulnerabilities by submitting extreme price updates (10x increase, 90% crash) and confirming whether the contract accepts them without bounds checking.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Single Oracle Dependency Exploit Generator
Sigvex exploit generator that validates single oracle dependency vulnerabilities by simulating primary oracle failure with no fallback, confirming protocols that halt or misbehave when the sole price source goes offline.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Stale Oracle Data Exploit Generator
Sigvex exploit generator that validates Chainlink oracle staleness vulnerabilities by executing contracts against fresh, stale (24-hour-old), and incomplete-round oracle configurations.
evmoracle-manipulationexploit-generator
Read More
EVM Exploit
Front-Running and MEV Exploit Generator
Sigvex exploit generator that validates transaction ordering vulnerabilities by simulating how different gas prices and transaction sequences affect contract outcomes.
evmfront-runningexploit-generator
Read More
EVM Exploit
Flash Loan Exploit Generator
Sigvex exploit generator that validates flash loan vulnerabilities by comparing contract execution under normal vs. temporarily-inflated balance conditions.
evmflash-loanexploit-generator
Read More
EVM Exploit
Centralization Risks Exploit Generator
Sigvex exploit generator that validates centralization risk findings by classifying the specific privilege type and documenting the trust assumptions and attack scenarios enabled by single-owner control.
evmaccess-controlexploit-generator
Read More
EVM Exploit
ERC20 Violations Exploit Generator
Sigvex exploit generator that validates ERC20 standard violations by simulating non-standard token behaviors including missing return values, fee-on-transfer tokens, and rebase tokens.
evmunchecked-returnexploit-generator
Read More
EVM Exploit
Integer Overflow Exploit Generator
Sigvex exploit generator that validates unchecked arithmetic vulnerabilities by supplying maximum uint256 values and checking whether the execution reverts.
evminteger-overflowexploit-generator
Read More
SVM Exploit
Arithmetic Overflow Exploit Generator
Exploit generator that validates unchecked arithmetic vulnerabilities in Solana programs where integer overflow or underflow in token balance calculations allows fund theft or state corruption.
svmarithmetic-overflowexploit-generator
Read More
EVM Exploit
EVM Contract Fuzzing Framework
Sigvex coverage-guided EVM fuzzing framework with ABI-aware input generation, property-based invariant checking, symbolic execution, multi-contract execution, and transaction sequence fuzzing.
evmexploit-generator
Read More
EVM Exploit
Arbitrary Storage Write Exploit Generator
Sigvex exploit generator that validates arbitrary storage write vulnerabilities by simulating user-controlled SSTORE operations targeting critical storage slots including the owner address.
evmstorage-collisionexploit-generator
Read More
EVM Exploit
Selfdestruct Vulnerability Exploit Generator
Sigvex exploit generator that validates selfdestruct vulnerabilities including unprotected self-destruction, library-based destruction (Parity-style), and forced ETH reception.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Uninitialized Storage Pointer Exploit Generator
Sigvex exploit generator that validates uninitialized storage pointer vulnerabilities by checking whether uninitialized struct or array pointers overwrite critical storage slots including owner and balance variables.
evmstorage-collisionexploit-generator
Read More
EVM Exploit
Weak Randomness Exploit Generator
Sigvex exploit generator that validates randomness vulnerabilities by testing whether contract outcomes change predictably with controlled block environment variables.
evmfront-runningexploit-generator
Read More
EVM Exploit
Access Control Bypass Exploit Generator
Sigvex exploit generator that validates missing access control by calling privileged functions from an unauthorized address and checking for storage mutations.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Default Visibility Exploit Generator
Sigvex exploit generator that validates default visibility vulnerabilities in Solidity contracts where missing visibility modifiers default to public, exposing sensitive initialization and admin functions.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Delegatecall Injection Exploit Generator
Sigvex exploit generator that validates unvalidated delegatecall targets by passing attacker-controlled contract addresses and checking for storage slot mutations.
evmaccess-controlproxy-patternexploit-generator
Read More
EVM Exploit
tx.origin Authentication Exploit Generator
Sigvex exploit generator that validates tx.origin authentication vulnerabilities by simulating a phishing scenario where an intermediary contract calls the victim with the owner's tx.origin.
evmaccess-controlexploit-generator
Read More
EVM Exploit
Timestamp-Based External Triggers Exploit Generator
Sigvex exploit generator that validates cross-chain timestamp coordination vulnerabilities including block time variation, clock drift between chains, and race conditions in time-sensitive cross-chain operations.
evmfront-runningexploit-generator
Read More
EVM Exploit
Timestamp Manipulation Exploit Generator
Sigvex exploit generator that validates block.timestamp dependency vulnerabilities by executing contracts at shifted timestamps (±900 seconds) to detect miner-manipulable randomness and time-lock bypasses.
evmfront-runningexploit-generator
Read More
EVM Exploit
Cross-Function Reentrancy Exploit Generator
Sigvex exploit generator that validates cross-function reentrancy vulnerabilities where shared state is inconsistent across multiple functions during an external call.
evmreentrancyexploit-generator
Read More
EVM Exploit
Read-Only Reentrancy Exploit Generator
Sigvex exploit generator that validates read-only reentrancy vulnerabilities where view functions return stale state during an external call, misleading dependent protocols.
evmreentrancyexploit-generator
Read More
EVM Exploit
Reentrancy Exploit Generator
Sigvex exploit generator that validates reentrancy vulnerabilities by simulating recursive drain attacks against withdraw-pattern functions.
evmreentrancyexploit-generator
Read More
EVM Exploit
Denial of Service Exploit Generator
Sigvex exploit generator that validates DoS vulnerabilities by simulating unbounded loop execution and external call blocking scenarios to confirm contracts can be permanently disabled.
evmdenial-of-serviceexploit-generator
Read More
EVM Exploit
Requirement Violations Exploit Generator
Sigvex exploit generator that validates requirement violation findings by classifying the specific check failure — incorrect comparison, missing validation, assert misuse, or arithmetic overflow — and documenting the exploit path.
evmunchecked-returnexploit-generator
Read More
EVM Exploit
Unchecked External Call Exploit Generator
Sigvex exploit generator that validates unchecked call return values by sending ETH to a contract that always reverts and checking whether the victim's state updates regardless.
evmunchecked-returnexploit-generator
Read More
EVM Exploit
Unchecked ERC20 Operations Exploit Generator
Sigvex exploit generator that validates unsafe ERC20 token operations by simulating standard, USDT-like, and malicious token interactions to detect missing return value checks.
evmunchecked-returnexploit-generator
Read More
Sign in to access the knowledge base
Use the Sign In button in the navigation bar.