Skip to main content
Sigvex

EVMcriticalAttack Pattern

Access Control Bypass

Maintained by Sigvex TeamReviewed

How attackers exploit missing or improper access restrictions on critical functions — responsible for over $1.3 billion in DeFi losses including the largest hack in history.

evmcriticalaccess-controlauthorization
Read More
SolanacriticalDetector

Admin Key Management

Maintained by Sigvex TeamReviewed

Detects unsafe admin key handling including hardcoded keys, missing validation, and single points of failure.

svmcriticaladmin-key-managementaccess-control
Read More
SolanacriticalDetector

Anchor Constraint Bypass

Maintained by Sigvex TeamReviewed

Detects missing or incomplete Anchor account constraint validation that could allow unauthorized account substitution.

svmcriticalaccount-validationstatic-analysis
Read More
SolanacriticalDetector

Anchor Upgrade Security

Maintained by Sigvex TeamReviewed

Detects unsafe Anchor program upgrade patterns and missing security controls.

svmcriticalanchor-upgrade-securityaccess-control
Read More
SolanacriticalDetector

Arbitrary Cross-Program Invocation

Maintained by Sigvex TeamReviewed

Detects cross-program invocations (CPI) where the target program ID is user-controlled and not validated, allowing attackers to redirect calls to malicious programs.

svmcriticalarbitrary-cpiaccess-control
Read More
EVMcriticalDetector

Arbitrary ERC-20 Transfer

Maintained by Sigvex TeamReviewed

Detects ERC-20 transfer and transferFrom calls where the recipient or amount is user-controlled without access control, enabling token theft.

evmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Arbitrary External Calls

Maintained by Sigvex TeamReviewed

Detects external calls to user-controlled addresses without validation, enabling attackers to redirect execution to malicious contracts.

evmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Arbitrary Jump

Maintained by Sigvex TeamReviewed

Detects JUMP or JUMPI instructions where the destination is derived from user input, enabling control-flow hijacking.

evmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Arbitrary Storage Write

Maintained by Sigvex TeamReviewed

Detects functions that write to storage slots determined by user-controlled input, enabling attackers to overwrite any state variable.

evmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalAttack Pattern

Bridge Message Manipulation

Maintained by Sigvex TeamReviewed

How attackers forge, replay, or bypass cross-chain bridge messages to mint unauthorized assets — responsible for over $1.2 billion in losses across the bridge ecosystem.

evmcriticalbridgecross-chain
Read More
EVMcriticalDetector

Bridge Security Vulnerabilities

Maintained by Sigvex TeamReviewed

Detects vulnerabilities in cross-chain bridge implementations including missing message verification, replay attack exposure, unauthorized relay functions, weak finality assumptions, and protocol-specific issues in a major cross-chain messaging protocol, Axelar, and Hyperlane integrations.

evmcriticalaccess-controlstatic-analysis
Read More
SolanacriticalDetector

Close Account Drain

Maintained by Sigvex TeamReviewed

Detects account closure patterns that leave residual lamports accessible to the program or allow the account to be drained without proper authorization.

svmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Conditional Storage Collision

Maintained by Sigvex TeamReviewed

Detects storage slot collisions in proxy contracts that occur only under specific execution paths or conditions, leading to intermittent state corruption.

evmcriticalstorage-collisionproxy-pattern
Read More
SolanacriticalDetector

Conditional Validation Bypass

Maintained by Sigvex TeamReviewed

Detects security validations placed inside conditional branches that can be bypassed through alternate execution paths.

svmcriticalconditional-validation-bypassstatic-analysis
Read More
SolanacriticalDetector

CPI Authority Downgrade

Maintained by Sigvex TeamReviewed

Detects privileged accounts being passed to unvalidated programs via CPI, enabling authority hijacking.

svmcriticalcpi-authority-downgradestatic-analysis
Read More
SolanacriticalDetector

CPI Return Value Forgery

Maintained by Sigvex TeamReviewed

Detects CPI return data used for critical operations without independent on-chain state verification.

svmcriticalcpi-return-forgerystatic-analysis
Read More
SolanacriticalDetector

CPI Signer Simulation

Maintained by Sigvex TeamReviewed

Detects false signer claims in cross-program invocations where accounts were not actually signed in the original transaction.

svmcriticalcpi-signer-simulationstatic-analysis
Read More
SolanacriticalDetector

Critical Program ID Validation

Maintained by Sigvex TeamReviewed

Detects CPI calls to critical system programs without explicit address validation.

svmcriticalcritical-program-id-validationaccess-control
Read More
EVMcriticalDetector

Cross-Function Reentrancy

Maintained by Sigvex TeamReviewed

Detects reentrancy attacks that exploit multiple functions sharing the same state, where an attacker re-enters a different function before the original call completes its state updates.

evmcriticalreentrancystatic-analysis
Read More
ZKcriticalDetector

Cross-Template Constraint Gap

Maintained by Sigvex TeamReviewed

Detects signals wired between template instances where the constraint chain is broken, leaving inter-template data flows unconstrained.

cross-runtimecriticalstatic-analysisdetector
Read More
EVMcriticalDetector

Decimal Mismatch

Maintained by Sigvex TeamReviewed

Detects arithmetic operations that mix values with different decimal precision without normalization, causing massive over- or under-payments.

evmcriticalinteger-overflowstatic-analysis
Read More
SolanacriticalDetector

DeFi Reentrancy

Maintained by Sigvex TeamReviewed

Detects DeFi-specific reentrancy patterns where external calls occur before state updates in vault, lending, and staking operations.

svmcriticaldefi-reentrancystatic-analysis
Read More
EVMcriticalDetector

Flash Loan Attack Vector

Maintained by Sigvex TeamReviewed

Detects protocol patterns that are susceptible to flash loan price manipulation — specifically, reliance on on-chain spot prices that can be manipulated within a single transaction.

evmcriticalflash-loanoracle-manipulation
Read More
SolanacriticalDetector

Flash Loan Validation

Maintained by Sigvex TeamReviewed

Detects missing repayment validation in flash loan patterns, allowing borrowers to avoid repaying borrowed funds.

svmcriticalflash-loan-validationstatic-analysis
Read More
EVMcriticalDetector

Governance Attacks

Maintained by Sigvex TeamReviewed

Detects vulnerabilities in DAO governance mechanisms including flash loan-based voting, timelock bypass, quorum manipulation, delegation exploits, treasury drain, and emergency action abuse.

evmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Immutable Violation

Maintained by Sigvex TeamReviewed

Detects modifications to storage variables that should be immutable, including constructor-set values modified by public functions and view-named functions that write to storage.

evmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Incorrect Constructor

Maintained by Sigvex TeamReviewed

Detects initialization functions that were intended as constructors but became callable public functions due to naming errors in Solidity 0.4.x contracts.

evmcriticalaccess-controlstatic-analysis
Read More
SolanacriticalDetector

Instruction Sender Validation

Maintained by Sigvex TeamReviewed

Detects missing validation that the transaction sender has authority for privileged operations.

svmcriticalinstruction-sender-validationaccess-control
Read More
SolanacriticalDetector

Lamport Drain

Maintained by Sigvex TeamReviewed

Detects unauthorized lamport transfers where an account's SOL balance is transferred without proper signer, key, or owner authorization checks.

svmcriticalaccess-controlstatic-analysis
Read More
SolanacriticalDetector

Liquidity Manipulation

Maintained by Sigvex TeamReviewed

Detects liquidity pool manipulation vulnerabilities.

svmcriticalliquidity-manipulationoracle-manipulation
Read More
SolanacriticalDetector

Mint Authority Abuse

Maintained by Sigvex TeamReviewed

Detects token minting operations without proper mint authority validation, enabling unauthorized token supply inflation.

svmcriticalmint-authority-abusestatic-analysis
Read More
SolanacriticalDetector

Missing Owner Check

Maintained by Sigvex TeamReviewed

Detects account data reads where the account's program owner is not verified, allowing attackers to pass maliciously crafted accounts with arbitrary data.

svmcriticalaccount-validationaccess-control
Read More
SolanacriticalDetector

Missing Signer Check

Maintained by Sigvex TeamReviewed

Detects privileged operations — lamport transfers and account data writes — performed without verifying that the involved account has signed the transaction.

svmcriticalmissing-signer-checkaccess-control
Read More
SolanacriticalDetector

Native Program Authority

Maintained by Sigvex TeamReviewed

Detects missing authority validation when invoking Solana native programs.

svmcriticalnative-program-authorityaccess-control
Read More
EVMcriticalAttack Pattern

Oracle Manipulation

Maintained by Sigvex TeamReviewed

How attackers manipulate price oracles to exploit lending protocols, inflate collateral, and drain DeFi platforms — the most costly attack class in DeFi history.

evmcriticaloracleprice-manipulation
Read More
EVMcriticalDetector

Oracle Manipulation

Maintained by Sigvex TeamReviewed

Detects smart contracts that rely on manipulable on-chain price sources, such as DEX spot prices or single-source price feeds, without time-weighted averaging.

evmcriticaloracle-manipulationstatic-analysis
Read More
SolanacriticalDetector

PDA Signer Seed Extraction

Maintained by Sigvex TeamReviewed

Detects PDA signer seeds that can be extracted or predicted by attackers, enabling PDA authority bypass.

svmcriticalpda-signer-seed-extractionstatic-analysis
Read More
ZKcriticalDetector

Private Input Unchecked

Maintained by Sigvex TeamReviewed

Detects Noir private (witness) inputs of type Field that are not referenced in any assertion, allowing the prover to set them to arbitrary values.

zkcriticalprivate-input-uncheckedstatic-analysis
Read More
ZKcriticalDetector

Prover-Controlled Loop Bound

Maintained by Sigvex TeamReviewed

Detects loop iteration bounds that depend on unconstrained signal values, allowing the prover to choose how many iterations execute.

zkcriticalprover-controlled-loopstatic-analysis
Read More
EVMcriticalDetector

Read-Only Reentrancy

Maintained by Sigvex TeamReviewed

Detects view functions that read shared state mid-execution of a mutating call, allowing attackers to observe and exploit inconsistent intermediate state without modifying it.

evmcriticalreentrancystatic-analysis
Read More
EVMcriticalDetector

Reentrancy

Maintained by Sigvex TeamReviewed

Detects functions that transfer Ether or call external contracts before completing state updates, allowing attackers to recursively re-enter and drain funds.

evmcriticalreentrancystatic-analysis
Read More
EVMcriticalAttack Pattern

Reentrancy Attack

Maintained by Sigvex TeamReviewed

How attackers exploit external calls that execute before state updates to recursively drain funds from smart contracts.

evmcriticalreentrancystate-management
Read More
SolanacriticalDetector

Signer Authority Role

Maintained by Sigvex TeamReviewed

Detects privileged operations with signer checks but no authority role validation, allowing any signer to execute admin actions.

svmcriticalsigner-authority-roleaccess-control
Read More
SolanacriticalDetector

SPL Governance Attack

Maintained by Sigvex TeamReviewed

Detects missing safeguards in governance implementations that enable proposal manipulation and flash governance attacks.

svmcriticalspl-governance-attackstatic-analysis
Read More
SolanacriticalDetector

SPL Token Delegation Overflow

Maintained by Sigvex TeamReviewed

Detects integer overflow vulnerabilities in token delegation amount calculations.

svmcriticalspl-token-delegation-overflowaccess-control
Read More
SolanacriticalDetector

SPL Token Mint Authority

Maintained by Sigvex TeamReviewed

Detects mint authority vulnerabilities including missing validation and unlimited minting.

svmcriticalspl-token-mint-authorityaccess-control
Read More
EVMcriticalDetector

Storage Collision

Maintained by Sigvex TeamReviewed

Detects proxy storage layout collisions where the implementation contract's variables overlap with the proxy contract's administrative slots, enabling state corruption and privilege escalation.

evmcriticalstorage-collisionproxy-pattern
Read More
SolanacriticalDetector

Sysvar Account Spoofing

Maintained by Sigvex TeamReviewed

Detects programs reading sysvar data from accounts without validating the account key matches the canonical sysvar address.

svmcriticalsysvar-account-spoofingstatic-analysis
Read More
SolanacriticalDetector

Token Balance Invariant

Maintained by Sigvex TeamReviewed

Detects token operations that violate balance invariants such as mint without supply update or burn without supply decrease.

svmcriticaltoken-balance-invariantaccess-control
Read More
SolanacriticalDetector

Token Decimal Mismatch

Maintained by Sigvex TeamReviewed

Detects token transfers and swaps with mismatched decimals without proper conversion.

svmcriticaltoken-decimal-mismatchaccess-control
Read More
SolanacriticalDetector

Token-2022 Permanent Delegate

Maintained by Sigvex TeamReviewed

Detects unsafe handling of the Token-2022 permanent delegate extension, which grants an authority unconditional power to move or burn tokens.

svmcriticalaccess-controlstatic-analysis
Read More
EVMcriticalDetector

Unchecked Call Target

Maintained by Sigvex TeamReviewed

Detects external calls where the target address is user-controlled and not validated against known-safe addresses, enabling call redirection attacks.

evmcriticalaccess-controlstatic-analysis
Read More
SolanacriticalDetector

Unchecked Fee/Rent Math

Maintained by Sigvex TeamReviewed

Detects unchecked arithmetic in fee and rent calculations that can overflow or underflow, leading to fund loss.

svmcriticalunchecked-fee-rent-mathstatic-analysis
Read More
EVMcriticalDetector

Unchecked Subtraction

Maintained by Sigvex TeamReviewed

Detects subtraction operations without underflow protection that can wrap around to a large value, bypassing balance checks and enabling fund theft.

evmcriticalinteger-overflowstatic-analysis
Read More
ZKcriticalDetector

Unconnected Component Inputs

Maintained by Sigvex TeamReviewed

Detects component instantiations where outputs are read but inputs are not wired, leaving the sub-circuit unconstrained and enabling proof forgery.

zkcriticalunconnected-componentstatic-analysis
Read More
ZKcriticalDetector

Unconstrained Divisor

Maintained by Sigvex TeamReviewed

Detects Circom divisions whose divisor signal appears in no constraint at all, giving a malicious prover full control over the divisor and the result.

cross-runtimecriticalstatic-analysisdetector
Read More
ZKcriticalDetector

Unconstrained Output

Maintained by Sigvex TeamReviewed

Detects circuit output signals that lack any constraining assignment or explicit constraint, allowing the prover to set outputs to arbitrary values.

zkcriticalunconstrained-outputstatic-analysis
Read More
ZKcriticalDetector

Unconstrained Output Relation in Noir Circuits

Maintained by Sigvex TeamReviewed

Flags Noir functions that return a value derived from private inputs without any assertion binding the output to those inputs.

cross-runtimecriticalstatic-analysisdetector
Read More
ZKcriticalDetector

Unconstrained Public Input

Maintained by Sigvex TeamReviewed

Detects public input signals that are used in computations but never appear in any constraint, enabling the prover to forge the claimed public input value.

zkcriticalunconstrained-public-inputstatic-analysis
Read More
ZKcriticalDetector

Under-Constrained Signal

Maintained by Sigvex TeamReviewed

Detects signals assigned via unconstrained assignment without any corresponding constraint, allowing the prover to set them to arbitrary values.

zkcriticalunder-constrainedstatic-analysis
Read More
EVMcriticalDetector

Uninitialized UUPS Proxy

Maintained by Sigvex TeamReviewed

Detects UUPS upgradeable proxy contracts where the implementation contract is deployed without calling the initializer, leaving the proxy's ownership and upgrade authority unset.

evmcriticalproxy-patternaccess-control
Read More
EVMcriticalDetector

Unprotected Ether Withdrawal

Maintained by Sigvex TeamReviewed

Detects functions that transfer Ether without verifying the caller's authorization, allowing anyone to drain the contract's ETH balance.

evmcriticalaccess-controlstatic-analysis
Read More
ZKcriticalDetector

Unsafe Comparison

Maintained by Sigvex TeamReviewed

Detects comparison operators used in unconstrained assignments, producing prover-controlled boolean values with no verifier check.

zkcriticalstatic-analysisdetector
Read More
EVMcriticalDetector

Unsafe Delegatecall

Maintained by Sigvex TeamReviewed

Detects delegatecall operations where the target address is user-controlled or loaded from storage without authorization, enabling complete contract takeover.

evmcriticalaccess-controlstatic-analysis
Read More
SolanacriticalDetector

Vault Manipulation

Maintained by Sigvex TeamReviewed

Detects unauthorized vault state modifications and missing invariant checks in DeFi vault operations.

svmcriticalvault-manipulationstatic-analysis
Read More
EVMcriticalDetector

Vault Rounding

Maintained by Sigvex TeamReviewed

Detects rounding direction errors in ERC-4626 vault share calculations that allow attackers to extract value through precision manipulation.

evmcriticalinteger-overflowstatic-analysis
Read More
SolanacriticalDetector

Wrapped Token Parity

Maintained by Sigvex TeamReviewed

Detects missing wrapped token supply vs collateral parity validation.

svmcriticalwrapped-token-parityfund-safety
Read More
EVMhighDetector

AA Storage Access Violations

Maintained by Sigvex TeamReviewed

Detects banned opcodes and storage access violations in ERC-4337 validation phase that cause bundler rejection.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Access Control

Maintained by Sigvex TeamReviewed

Detects missing or improperly implemented access controls on privileged functions, allowing unauthorized callers to execute restricted operations.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Account Abstraction (ERC-4337)

Maintained by Sigvex TeamReviewed

Detects security issues in ERC-4337 account abstraction implementations including validation phase violations, paymaster abuse, and bundler manipulation.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Account Alias Attack (Role Confusion)

Maintained by Sigvex TeamReviewed

Detects when the same account is passed in multiple positions with incompatible role requirements, enabling an attacker to bypass security checks through role confusion.

svmhighaccount-validationaccess-control
Read More
SolanahighDetector

Account Close Balance Check

Maintained by Sigvex TeamReviewed

Detects incomplete account close operations where lamports are drained but account data is not zeroed, enabling account resurrection attacks.

svmhighaccount-close-balance-checkaccount-validation
Read More
SolanahighDetector

Account Close Discriminator

Maintained by Sigvex TeamReviewed

Detects account closes without discriminator zeroing, enabling resurrection attacks.

svmhighaccount-close-discriminatoraccess-control
Read More
SolanahighDetector

Account Close Reopen Race

Maintained by Sigvex TeamReviewed

Detects race conditions from account close/reopen between transactions.

svmhighaccount-close-reopen-raceaccess-control
Read More
SolanahighDetector

Account Executable Flag

Maintained by Sigvex TeamReviewed

Detects missing executable flag validation before using accounts as program IDs in cross-program invocations.

svmhighaccount-executable-flagaccount-validation
Read More
SolanahighDetector

Account Index Bounds

Maintained by Sigvex TeamReviewed

Detects account array access without bounds validation, a vulnerability that appears in 30% of recent Solana audit findings.

svmhighaccount-index-boundsdenial-of-service
Read More
SolanahighDetector

Account Iterator Bounds

Maintained by Sigvex TeamReviewed

Detects unsafe iteration over account arrays without bounds validation, which can lead to out-of-bounds panics or buffer overflows.

svmhighaccount-iterator-boundsdenial-of-service
Read More
SolanahighDetector

Account Layout Version

Maintained by Sigvex TeamReviewed

Detects account deserialization without version validation, which can cause silent data corruption when account structures are upgraded.

svmhighaccount-layout-versionaccount-validation
Read More
SolanahighDetector

Account List Size

Maintained by Sigvex TeamReviewed

Detects missing account list size validation for programs that expect a fixed number of accounts.

svmhighaccount-list-sizedenial-of-service
Read More
SolanahighDetector

Account Owner Chain

Maintained by Sigvex TeamReviewed

Detects account owner validation issues across CPI boundaries where ownership assumptions break after cross-program invocations.

svmhighaccount-owner-chainaccount-validation
Read More
SolanahighDetector

Account Realloc Corruption

Maintained by Sigvex TeamReviewed

Detects account reallocation data corruption vulnerabilities.

svmhighaccount-realloc-corruptionaccess-control
Read More
SolanahighDetector

Account Reallocation

Maintained by Sigvex TeamReviewed

Detects unsafe account reallocation patterns that can corrupt data.

svmhighaccount-reallocationaccess-control
Read More
SolanahighDetector

Account Resurrection

Maintained by Sigvex TeamReviewed

Detects accounts that could be resurrected after closure via PDA re-derivation.

svmhighaccount-resurrectionaccess-control
Read More
SolanahighDetector

Account Type Confusion

Maintained by Sigvex TeamReviewed

Detects accounts used in conflicting roles or deserialized as the wrong type, enabling attackers to substitute one account type for another.

svmhightype-cosplaystatic-analysis
Read More
SolanahighDetector

Account Use After Close

Maintained by Sigvex TeamReviewed

Detects reads or writes to accounts after they are logically closed.

svmhighaccount-use-after-closeaccess-control
Read More
SolanahighDetector

Account Verification Chain

Maintained by Sigvex TeamReviewed

Detects incomplete account verification chains where accounts undergo partial validation, allowing attackers to bypass security checks.

svmhighaccount-verification-chainaccount-validation
Read More
SolanahighDetector

Address Lookup Table Poisoning

Maintained by Sigvex TeamReviewed

Detects unsafe use of Address Lookup Tables without authority validation, allowing attackers to substitute malicious accounts.

svmhighaddress-lookup-table-poisoningaccount-validation
Read More
SolanahighDetector

Anchor Constraint Ordering

Maintained by Sigvex TeamReviewed

Detects when Anchor account constraints are checked in incorrect order.

svmhighanchor-constraint-orderingaccess-control
Read More
SolanahighDetector

Anchor Constraint TOCTOU

Maintained by Sigvex TeamReviewed

Detects Time-of-Check-Time-of-Use vulnerabilities in Anchor constraint validation.

svmhighanchor-constraint-toctouaccess-control
Read More
SolanahighDetector

Anchor Discriminator Validation

Maintained by Sigvex TeamReviewed

Detects missing or incorrect Anchor discriminator validation.

svmhighanchor-discriminator-validationaccess-control
Read More
SolanahighDetector

Anchor IDL Mismatch

Maintained by Sigvex TeamReviewed

Detects inconsistencies between Anchor IDL and program implementation.

svmhighanchor-idl-mismatchaccess-control
Read More
SolanahighDetector

Anchor Init/Close Patterns

Maintained by Sigvex TeamReviewed

Detects unsafe account initialization and closing patterns in Anchor programs.

svmhighanchor-init-close-patternsfund-safety
Read More
EVMhighDetector

Assembly Analysis

Maintained by Sigvex TeamReviewed

Detects dangerous opcodes, unchecked calls, unsafe memory access, and unguarded arithmetic inside inline assembly blocks.

evmhighstatic-analysisdetector
Read More
EVMhighDetector

Assert Violation

Maintained by Sigvex TeamReviewed

Detects reachable assert() statements that indicate invariant violations and potential logic bugs in smart contracts.

evmhighunchecked-returnstatic-analysis
Read More
EVMhighDetector

Atomic State Update

Maintained by Sigvex TeamReviewed

Detects non-atomic multi-step state updates where intermediate consistency checks are missing between storage writes.

evmhighlogic-errorstatic-analysis
Read More
SolanahighDetector

Authority Chain Validation

Maintained by Sigvex TeamReviewed

Detects multi-hop CPI authority chains where delegated signing authority is not validated at each intermediate hop, allowing an attacker to abuse implicitly inherited authority from a PDA signer.

svmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Balance Accounting Mismatch

Maintained by Sigvex TeamReviewed

Detects contracts that assume transfer amounts equal the actual balance change, failing to account for fee-on-transfer, rebasing, or deflationary tokens.

evmhighstatic-analysisdetector
Read More
EVMhighDetector

Batch Operation Atomicity

Maintained by Sigvex TeamReviewed

Detects batch operations that lack atomicity guarantees, allowing partial execution failures to leave the contract in an inconsistent state.

evmhighdenial-of-servicestatic-analysis
Read More
EVMhighDetector

Bit Shift Overflow

Maintained by Sigvex TeamReviewed

Detects unsafe bit shift operations where the shift amount is user-controlled or exceeds the operand width, causing silent data loss.

evmhighinteger-overflowstatic-analysis
Read More
SolanahighDetector

Bump Seed Brute Force

Maintained by Sigvex TeamReviewed

Detects user-controlled bump seeds in PDA derivation without validation against canonical values.

svmhighbump-seed-brute-forcepda-validation
Read More
SolanahighDetector

Bump Seed Canonicalization

Maintained by Sigvex TeamReviewed

Detects PDA operations using potentially non-canonical bump seeds via create_program_address, which can enable PDA collision and address confusion attacks.

svmhighpda-validationaccount-validation
Read More
EVMhighDetector

Business Logic Error

Maintained by Sigvex TeamReviewed

Detects violations of protocol-specific invariants — conditions that must always hold true for the protocol to operate correctly — including incorrect reward calculations, fee logic, and state transition rules.

evmhighaccess-controlstatic-analysis
Read More
ZKhighDetector

Cairo Reentrancy (Checks-Effects-Interactions)

Maintained by Sigvex TeamReviewed

Detects Cairo functions that write storage after an external call, leaving the contract open to reentrancy through a violated checks-effects-interactions ordering.

cross-runtimehighstatic-analysisdetector
Read More
EVMhighDetector

Callback State Mutation

Maintained by Sigvex TeamReviewed

Detects state mutations after external calls that may trigger callbacks, violating the Checks-Effects-Interactions pattern.

evmhighreentrancystatic-analysis
Read More
EVMhighDetector

Centralization Risks

Maintained by Sigvex TeamReviewed

Detects excessive owner privileges, single points of failure, and centralization patterns that enable rug pulls or administrative abuse.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Combined Attack Patterns

Maintained by Sigvex TeamReviewed

Detects combinations of individually lower-severity issues that together form exploitable attack chains.

evmhighstatic-analysisdetector
Read More
SolanahighDetector

Compressed NFT Validation

Maintained by Sigvex TeamReviewed

Detects Bubblegum/compressed NFT Merkle proof and authority vulnerabilities.

svmhighcompressed-nft-validationaccess-control
Read More
SolanahighDetector

Compute Exhaustion

Maintained by Sigvex TeamReviewed

Detects resource issues that could exhaust Solana compute unit budget.

svmhighcompute-exhaustiondenial-of-service
Read More
SolanahighDetector

Conditional Ownership Bypass

Maintained by Sigvex TeamReviewed

Detects ownership checks that can be bypassed through conditional logic, allowing unauthorized access.

svmhighconditional-ownership-bypassaccess-control
Read More
EVMhighDetector

Constructor State

Maintained by Sigvex TeamReviewed

Detects improper state initialization in constructors of upgradeable contracts where state is invisible to proxies.

evmhighproxystatic-analysis
Read More
EVMhighDetector

Controlled Array Length

Maintained by Sigvex TeamReviewed

Detects unbounded dynamic arrays that can grow without limit, enabling denial-of-service through gas exhaustion on iteration.

evmhighdenial-of-servicestatic-analysis
Read More
SolanahighDetector

CPI Account List Mismatch

Maintained by Sigvex TeamReviewed

Detects CPI calls without proper account list validation, enabling privilege escalation.

svmhighcpi-account-list-mismatchaccess-control
Read More
SolanahighDetector

CPI Cycle Detection

Maintained by Sigvex TeamReviewed

Detects circular cross-program invocation patterns that could cause infinite loops or resource exhaustion.

svmhighcpi-cycleaccess-control
Read More
SolanahighDetector

CPI Data Tampering

Maintained by Sigvex TeamReviewed

Detects CPI calls with potentially tampered instruction data from untrusted sources.

svmhighcpi-data-tamperingaccess-control
Read More
SolanahighDetector

CPI in Loop Denial of Service

Maintained by Sigvex TeamReviewed

Detects CPI calls inside loops that can cause compute exhaustion and denial of service.

svmhighcpi-in-loop-dosaccess-control
Read More
SolanahighDetector

CPI Program ID Validation

Maintained by Sigvex TeamReviewed

Detects Cross-Program Invocations where the target program account key is not verified against the expected program ID, allowing an attacker to substitute a malicious program that accepts the same instruction format.

svmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

CPI Reentrancy

Maintained by Sigvex TeamReviewed

Detects Solana programs that modify state after making a cross-program invocation, allowing the called program to invoke back before the state update completes.

svmhighreentrancystatic-analysis
Read More
SolanahighDetector

CPI Signer Propagation

Maintained by Sigvex TeamReviewed

Detects unsafe signer propagation in nested CPI calls without re-validation.

svmhighcpi-signer-propagationaccess-control
Read More
EVMhighDetector

CREATE2 Collision

Maintained by Sigvex TeamReviewed

Detects CREATE2 deployments where salt values can be predicted or brute-forced, enabling address collision attacks.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Critical Truncation

Maintained by Sigvex TeamReviewed

Detects integer truncation in security-critical operations including lamport transfers, account storage, and access control.

svmhighcritical-truncationinteger-overflow
Read More
SolanahighDetector

Cross-Account Relationship Validation

Maintained by Sigvex TeamReviewed

Detects missing validation of relationships between related accounts in CPI operations.

svmhighcross-account-relationshipaccess-control
Read More
EVMhighDetector

Cross-Contract Taint Flow

Maintained by Sigvex TeamReviewed

Detects tainted data flowing from untrusted external calls into security-critical operations like access control checks or transfer amounts.

evmhightaint-analysisstatic-analysis
Read More
SolanahighDetector

Cross-Instruction State Desync

Maintained by Sigvex TeamReviewed

Detects cross-instruction state desynchronization vulnerabilities.

svmhighcross-instruction-state-desyncaccess-control
Read More
SolanahighDetector

Cross-Program Reinit

Maintained by Sigvex TeamReviewed

Detects accounts used after CPI without re-validating initialization state.

svmhighcross-program-reinitaccess-control
Read More
SolanahighDetector

Cross-Program State

Maintained by Sigvex TeamReviewed

Detects state inconsistencies and race conditions across CPI boundaries.

svmhighcross-program-stateaccess-control
Read More
EVMhighDetector

Dangerous Delegatecall

Maintained by Sigvex TeamReviewed

Detects delegatecall patterns where user-controlled input can specify the target address or data, potentially redirecting execution to a malicious contract.

evmhighaccess-controlproxy-pattern
Read More
EVMhighDetector

Diamond Collision

Maintained by Sigvex TeamReviewed

Detects storage slot collisions between facets in EIP-2535 diamond proxy contracts, where independent facets may unknowingly share storage locations.

evmhighstorage-collisionproxy-pattern
Read More
EVMhighDetector

Division by Zero

Maintained by Sigvex TeamReviewed

Detects division and modulo operations where the divisor may be zero, causing transaction reverts that lock funds or enable denial of service.

evmhighdenial-of-servicestatic-analysis
Read More
SolanahighDetector

Division by Zero

Maintained by Sigvex TeamReviewed

Detects division and modulo operations where the divisor may be zero, causing runtime panics and DoS vulnerabilities.

svmhighdivision-by-zerointeger-overflow
Read More
ZKhighDetector

Division by Zero Risk

Maintained by Sigvex TeamReviewed

Detects divisions and modulo operations where the divisor has no non-zero binding, yielding undefined witness behaviour exploitable by the prover.

cross-runtimehighstatic-analysisdetector
Read More
SolanahighDetector

DoS Compute Exhaustion

Maintained by Sigvex TeamReviewed

Detects potential denial-of-service via unbounded compute unit consumption.

svmhighdos-compute-exhaustiondenial-of-service
Read More
EVMhighDetector

DoS with Failed Call

Maintained by Sigvex TeamReviewed

Detects denial of service vulnerabilities where external calls in loops lack error handling, allowing one failed call to block entire batch operations.

evmhighdenial-of-servicestatic-analysis
Read More
SolanahighDetector

Durable Nonce Manipulation

Maintained by Sigvex TeamReviewed

Detects missing validation when interacting with durable nonce accounts, enabling replay attacks or transaction reordering.

svmhighdurable-nonce-manipulationaccess-control
Read More
SolanahighDetector

Ed25519 Signature Malleability

Maintained by Sigvex TeamReviewed

Detects Ed25519 signature verification without canonical signature checks, allowing signature malleability attacks.

svmhighed25519-signature-malleabilityaccess-control
Read More
EVMhighDetector

EIP-7702 Delegation

Maintained by Sigvex TeamReviewed

Detects vulnerabilities in EIP-7702 delegation targets where EOAs temporarily delegate to smart contract code.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Empty Code Detection

Maintained by Sigvex TeamReviewed

Detects external calls to user-controlled addresses without verifying that the target has deployed code, where silent success masks failed interactions.

evmhighunchecked-returnstatic-analysis
Read More
EVMhighDetector

ERC-1155 Standard Violations

Maintained by Sigvex TeamReviewed

Detects ERC-1155 contracts missing receiver callbacks, batch array-length validation, ERC-165 support, or required functions.

evmhighstatic-analysisdetector
Read More
EVMhighDetector

ERC-1271 Signature Verification

Maintained by Sigvex TeamReviewed

Detects insecure ERC-1271 contract signature verification including missing magic value checks, reentrancy during verification, and gas griefing.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

ERC-6900 Modular Account

Maintained by Sigvex TeamReviewed

Detects security issues in modular smart account implementations including plugin validation gaps, execution hook bypass, and module isolation failures.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

ERC-721 Standard Violations

Maintained by Sigvex TeamReviewed

Detects ERC-721 contracts missing required functions, safe-transfer callbacks, ERC-165 support, or zero-address checks.

evmhighstatic-analysisdetector
Read More
EVMhighDetector

EXTCODESIZE Bypass

Maintained by Sigvex TeamReviewed

Detects access control checks using EXTCODESIZE that can be bypassed by calling from a contract's constructor, where code size is zero.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Fee-on-Transfer

Maintained by Sigvex TeamReviewed

Detects contracts that assume the received token amount equals the transferred amount, failing to account for fee-on-transfer tokens.

evmhighinteger-overflowstatic-analysis
Read More
ZKhighDetector

Feedback Loop

Maintained by Sigvex TeamReviewed

Detects circular signal dependencies in circuit constraints that prevent deterministic witness generation.

zkhighstatic-analysisdetector
Read More
ZKhighDetector

Field Overflow

Maintained by Sigvex TeamReviewed

Detects arithmetic that may wrap the finite field prime, producing field-correct but semantically wrong results for circuits modelling bounded integers.

cross-runtimehighinteger-overflowstatic-analysis
Read More
ZKhighDetector

Field Underflow Subtraction

Maintained by Sigvex TeamReviewed

Detects unconstrained subtractions between signals where the result may wrap around the field modulus, turning a small negative difference into an enormous value.

zkhighinteger-overflowstatic-analysis
Read More
EVMhighAttack Pattern

Flash Loan Attack

Maintained by Sigvex TeamReviewed

How attackers use uncollateralized flash loans to manipulate prices, exploit protocol logic, and drain funds within a single transaction.

evmhighflash-loandefi
Read More
EVMhighDetector

Function Selector Collision

Maintained by Sigvex TeamReviewed

Detects functions with colliding 4-byte selectors that can cause incorrect function dispatch or proxy confusion.

evmhighproxy-patternstatic-analysis
Read More
EVMhighDetector

Gas Griefing

Maintained by Sigvex TeamReviewed

Detects external calls that forward insufficient gas or allow callers to specify gas amounts that cause downstream operations to fail.

evmhighdenial-of-servicestatic-analysis
Read More
SolanahighDetector

Generic Init Frontrun

Maintained by Sigvex TeamReviewed

Detects initialization patterns vulnerable to frontrunning attacks.

svmhighgeneric-init-frontrunaccess-control
Read More
SolanahighDetector

Hash Collision

Maintained by Sigvex TeamReviewed

Detects hash collision vulnerabilities in cryptographic operations including weak algorithms, truncated hashes, and merkle proof misuse.

svmhighhash-collisionaccess-control
Read More
SolanahighDetector

Implicit Instruction Ordering

Maintained by Sigvex TeamReviewed

Detects implicit instruction ordering dependencies not enforced on all control flow paths, enabling authorization bypass through path-selective attacks.

svmhighimplicit-instruction-orderingaccess-control
Read More
EVMhighDetector

Incorrect Exponent

Maintained by Sigvex TeamReviewed

Detects confusion between the XOR operator (^) and exponentiation (**) in Solidity arithmetic expressions.

evmhighinteger-overflowstatic-analysis
Read More
EVMhighDetector

Initializer Reentrancy

Maintained by Sigvex TeamReviewed

Detects proxy initializer functions that make external calls before setting the initialized flag, enabling re-initialization attacks.

evmhighreentrancystatic-analysis
Read More
SolanahighDetector

Input Validation

Maintained by Sigvex TeamReviewed

Detects missing validation of user-controlled inputs including instruction parameters, account data fields, and system call results in Solana programs.

svmhighaccount-validationstatic-analysis
Read More
SolanahighDetector

Instruction Data Length

Maintained by Sigvex TeamReviewed

Detects missing instruction data length validation before unpacking, the most common source of runtime panics in Solana programs.

svmhighinstruction-data-lengthdenial-of-service
Read More
SolanahighDetector

Instruction Fallback Handler

Maintained by Sigvex TeamReviewed

Detects unsafe fallback logic for unrecognized instruction discriminators that may allow attackers to execute unintended code paths.

svmhighinstruction-fallback-handleraccess-control
Read More
SolanahighDetector

Instruction Index Validation

Maintained by Sigvex TeamReviewed

Detects hardcoded instruction index comparisons that can be bypassed by attackers who control transaction structure.

svmhighinstruction-index-validationaccess-control
Read More
SolanahighDetector

Instruction Introspection

Maintained by Sigvex TeamReviewed

Detects unsafe instruction introspection with missing bounds or length validation when accessing transaction instructions via sysvar.

svmhighinstruction-introspectiondenial-of-service
Read More
SolanahighDetector

Instruction Verification Pattern

Maintained by Sigvex TeamReviewed

Detects incorrect ordering of validation checks and sensitive operations, where state modifications or CPIs occur before authorization.

svmhighinstruction-verification-patternaccess-control
Read More
SolanahighDetector

Insufficient Data Length Check

Maintained by Sigvex TeamReviewed

Detects account data access without sufficient length validation, which can cause buffer overflows or runtime panics.

svmhighinsufficient-data-length-checkdenial-of-service
Read More
SolanahighDetector

Insufficient Lamport Balance

Maintained by Sigvex TeamReviewed

Detects lamport operations without sufficient balance validation.

svmhighinsufficient-lamport-balancefund-safety
Read More
EVMhighDetector

Integer Overflow

Maintained by Sigvex TeamReviewed

Detects arithmetic operations that may overflow or underflow, producing incorrect values that can lead to fund theft or unexpected behavior.

evmhighinteger-overflowstatic-analysis
Read More
SolanahighDetector

Integer Overflow (SVM)

Maintained by Sigvex TeamReviewed

Detects unchecked arithmetic operations on user-controlled values in Solana programs that may overflow or underflow, enabling fund manipulation.

svmhighinteger-overflowstatic-analysis
Read More
SolanahighDetector

Integer Truncation

Maintained by Sigvex TeamReviewed

Detects unsafe integer type casts that may truncate data, causing loss of significant bits and security vulnerabilities.

svmhighinteger-truncationinteger-overflow
Read More
EVMhighDetector

L2 Rollup Vulnerabilities

Maintained by Sigvex TeamReviewed

Detects Layer 2-specific vulnerabilities including sequencer dependency, L1-L2 message replay, and gas price oracle manipulation.

evmhighstatic-analysisdetector
Read More
SolanahighDetector

Lamport Conservation

Maintained by Sigvex TeamReviewed

Detects lamport conservation violations where balances are not properly maintained.

svmhighlamport-conservationfund-safety
Read More
SolanahighDetector

Lamport Token Confusion

Maintained by Sigvex TeamReviewed

Detects confusion between native SOL (lamports) and SPL token operations leading to incorrect value calculations.

svmhighlamport-token-confusionaccess-control
Read More
SolanahighDetector

Lamport Underflow

Maintained by Sigvex TeamReviewed

Detects lamport transfers that may exceed available balance, causing underflow, account closure, or rent-exempt violations.

svmhighlamport-underflowinteger-overflow
Read More
EVMhighDetector

Locked Ether

Maintained by Sigvex TeamReviewed

Detects contracts that can receive ETH but have no code path that sends it out, permanently trapping funds.

evmhighstatic-analysisdetector
Read More
EVMhighDetector

Loop Gas Exhaustion

Maintained by Sigvex TeamReviewed

Detects loops without proper iteration bounds where the count can be influenced by external input, causing DoS via block gas limit exhaustion.

evmhighdenial-of-servicestatic-analysis
Read More
EVMhighDetector

LP Token Inflation

Maintained by Sigvex TeamReviewed

Detects AMM and DEX liquidity pool contracts vulnerable to first-depositor inflation attacks where an attacker manipulates the share price to steal from subsequent depositors.

evmhighinteger-overflowstatic-analysis
Read More
EVMhighDetector

Memory Expansion DoS

Maintained by Sigvex TeamReviewed

Detects unbounded memory allocation patterns that can cause out-of-gas denial of service attacks.

evmhighdenial-of-servicestatic-analysis
Read More
EVMhighDetector

Merkle Proof Verification

Maintained by Sigvex TeamReviewed

Detects insecure Merkle proof verification patterns vulnerable to second preimage attacks and proof malleability.

evmhighcryptographystatic-analysis
Read More
SolanahighDetector

Metadata Authority Transfer

Maintained by Sigvex TeamReviewed

Detects unsafe metadata authority transfers without proper verification of the new authority.

svmhighmetadata-authority-transferaccess-control
Read More
EVMhighDetector

Metamorphic Contract

Maintained by Sigvex TeamReviewed

Detects contracts that can be destroyed and redeployed at the same address with different code using CREATE2 and SELFDESTRUCT.

evmhighcode-replacementstatic-analysis
Read More
EVMhighDetector

MEV Vulnerabilities

Maintained by Sigvex TeamReviewed

Detects transaction ordering dependencies exploitable by miners and MEV searchers, including sandwich attacks, frontrunning, and backrunning patterns.

evmhighfront-runningstatic-analysis
Read More
SolanahighDetector

MEV Vulnerabilities

Maintained by Sigvex TeamReviewed

Detects MEV and transaction ordering vulnerabilities in Solana programs.

svmhighmev-vulnerabilitiesmev
Read More
EVMhighDetector

Missing Deadline

Maintained by Sigvex TeamReviewed

Detects DEX and AMM swap operations that lack transaction deadline validation, allowing pending transactions to execute at stale prices.

evmhighfront-runningstatic-analysis
Read More
SolanahighDetector

Missing Empty Account Check

Maintained by Sigvex TeamReviewed

Detects account initialization without validating the account is empty first.

svmhighmissing-empty-account-checkaccess-control
Read More
EVMhighDetector

Missing Storage Gap

Maintained by Sigvex TeamReviewed

Detects upgradeable contracts that lack reserved storage gaps, risking storage collisions when new state variables are added in future versions.

evmhighstorage-collisionstatic-analysis
Read More
EVMhighDetector

msg.value in Loop

Maintained by Sigvex TeamReviewed

Detects msg.value used inside loops where the same ETH value is counted multiple times, enabling fund theft or accounting errors.

evmhighinteger-overflowstatic-analysis
Read More
SolanahighDetector

Multi-Hop CPI

Maintained by Sigvex TeamReviewed

Detects dangerous multi-hop cross-program invocation chains.

svmhighmulti-hop-cpiaccess-control
Read More
SolanahighDetector

Multi-Sig Validation

Maintained by Sigvex TeamReviewed

Detects multi-signature validation issues including weak thresholds, missing signer verification, and replay vulnerabilities.

svmhighmultisig-validationaccess-control
Read More
SolanahighDetector

Native Discriminator Validation

Maintained by Sigvex TeamReviewed

Detects native programs deserializing account data without discriminator checks.

svmhighnative-discriminator-validationaccess-control
Read More
SolanahighDetector

NFT Creator Verification

Maintained by Sigvex TeamReviewed

Detects missing creator signature verification in NFT metadata operations.

svmhighnft-creator-verificationaccess-control
Read More
ZKhighDetector

Noir Circuit Detectors

Maintained by Sigvex TeamReviewed

A family of checks for Noir-specific hazards: unconstrained functions, oracle responses, Brillig escapes, and assertion dependencies on mutable state.

cross-runtimehighstatic-analysisdetector
Read More
ZKhighDetector

Nondeterministic Conditional

Maintained by Sigvex TeamReviewed

Detects if/else logic inside unconstrained assignments, where the prover can take either branch without any constraint enforcing the condition.

zkhighstatic-analysisdetector
Read More
ZKhighDetector

Nondeterministic Control Flow

Maintained by Sigvex TeamReviewed

Detects ternary and conditional expressions inside unconstrained assignments, where the prover chooses which branch produces the witness value.

cross-runtimehighstatic-analysisdetector
Read More
ZKhighDetector

Nondeterministic Division in Noir Circuits

Maintained by Sigvex TeamReviewed

Flags division in Noir functions where the quotient is an unconstrained witness and the divisor is never validated.

cross-runtimehighstatic-analysisdetector
Read More
ZKhighDetector

Nondeterministic Witness

Maintained by Sigvex TeamReviewed

Detects nondeterministic operators on the right-hand side of `<--` assignments where no constraint later rebinds the result.

cross-runtimehighstatic-analysisdetector
Read More
EVMhighDetector

Off-By-One

Maintained by Sigvex TeamReviewed

Detects off-by-one errors in loop boundaries that can lead to skipped elements or out-of-bounds array access.

evmhighlogic-errorstatic-analysis
Read More
SolanahighDetector

Oracle Data Freshness

Maintained by Sigvex TeamReviewed

Detects oracle price usage without staleness validation.

svmhighoracle-data-freshnessoracle-manipulation
Read More
EVMhighDetector

Payable Fallback

Maintained by Sigvex TeamReviewed

Detects contracts with payable fallback or receive functions that accept ETH without proper handling or access control.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

PDA Bump Seed Reuse

Maintained by Sigvex TeamReviewed

Detects reuse of the same bump seed value across multiple PDA derivations.

svmhighpda-bump-seed-reusepda-validation
Read More
SolanahighDetector

PDA Ownership Validation

Maintained by Sigvex TeamReviewed

Detects PDA usage without ownership validation, allowing unauthorized access.

svmhighpda-ownership-validationpda-validation
Read More
SolanahighDetector

PDA Seed Collision

Maintained by Sigvex TeamReviewed

Detects PDA derivations with weak seed patterns that could collide with other PDAs or system addresses, enabling account hijacking.

svmhighpda-validationstatic-analysis
Read More
SolanahighDetector

PDA Seed Validation

Maintained by Sigvex TeamReviewed

Detects incorrect PDA seed derivation patterns including wrong order, missing seeds, and non-deterministic sources.

svmhighpda-seed-validationpda-validation
Read More
SolanahighDetector

PDA System Collision

Maintained by Sigvex TeamReviewed

Detects PDA derivations with weak entropy that could collide with system program addresses.

svmhighpda-system-collisionpda-validation
Read More
SolanahighDetector

PDA User-Controlled Seeds

Maintained by Sigvex TeamReviewed

Detects user-controlled input used in PDA seeds without validation, enabling arbitrary PDA derivation.

svmhighpda-user-controlled-seedspda-validation
Read More
SolanahighDetector

PDA Validation

Maintained by Sigvex TeamReviewed

Detects Program Derived Addresses that are used without verifying their seeds and bump, allowing attackers to substitute counterfeit PDAs.

svmhighpda-validationaccount-validation
Read More
EVMhighDetector

Permit Frontrunning

Maintained by Sigvex TeamReviewed

Detects ERC-2612 permit implementations where nonce mismanagement enables frontrunning attacks on gasless approvals.

evmhighfront-runningstatic-analysis
Read More
EVMhighDetector

Permit Vulnerabilities

Maintained by Sigvex TeamReviewed

Detects ERC-2612 permit implementation issues including front-running, nonce manipulation, and deadline bypass.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Precision Errors

Maintained by Sigvex TeamReviewed

Detects division-before-multiplication and rounding errors in financial calculations that cause systematic fund loss or enable economic attacks through precision manipulation.

evmhighinteger-overflowstatic-analysis
Read More
SolanahighDetector

Precision Errors

Maintained by Sigvex TeamReviewed

Detects precision loss and rounding errors in DeFi financial calculations.

svmhighprecision-errorsinteger-overflow
Read More
SolanahighDetector

Price Impact

Maintained by Sigvex TeamReviewed

Detects large swaps without price impact validation.

svmhighprice-impactmev
Read More
SolanahighDetector

Program Upgrade Risks

Maintained by Sigvex TeamReviewed

Detects security risks in upgradeable Solana programs including authority validation issues.

svmhighprogram-upgrade-risksaccess-control
Read More
ZKhighDetector

Quadratic Constraint Composition

Maintained by Sigvex TeamReviewed

Detects R1CS quadratic constraints where both multiplicative factors contain only unconstrained signals, breaking proof soundness.

zkhighstatic-analysisdetector
Read More
SolanahighDetector

Read-Only Reentrancy

Maintained by Sigvex TeamReviewed

Detects potential read-only reentrancy through CPI calls where a callee reads stale state from the caller during a callback.

svmhighreentrancystatic-analysis
Read More
SolanahighDetector

Readonly CPI Write Bypass

Maintained by Sigvex TeamReviewed

Detects readonly accounts forwarded to CPI calls that may bypass write locks.

svmhighreadonly-cpi-write-bypassaccess-control
Read More
EVMhighDetector

Rebasing Token

Maintained by Sigvex TeamReviewed

Detects contracts that interact with rebasing tokens (like stETH or AMPL) without accounting for balance changes that occur outside of explicit transfers.

evmhighinteger-overflowstatic-analysis
Read More
SolanahighDetector

Remaining Accounts Injection

Maintained by Sigvex TeamReviewed

Detects use of ctx.remaining_accounts in privileged operations without ownership and discriminator validation, allowing attackers to inject malicious accounts that bypass Anchor's type system.

svmhighaccount-validationaccess-control
Read More
SolanahighDetector

Rent Collection Exploit

Maintained by Sigvex TeamReviewed

Detects rent collection exploit patterns and missing rent-exempt checks.

svmhighrent-collection-exploitfund-safety
Read More
SolanahighDetector

Rent Exempt Initialization

Maintained by Sigvex TeamReviewed

Detects account data writes before rent-exempt funding.

svmhighrent-exempt-initializationaccess-control
Read More
SolanahighDetector

Rent Exempt Reallocation

Maintained by Sigvex TeamReviewed

Detects account reallocations without rent-exemption lamport adjustments.

svmhighrent-exempt-reallocationaccess-control
Read More
SolanahighDetector

Rent Exemption Violation

Maintained by Sigvex TeamReviewed

Detects rent exemption requirement violations in Solana programs.

svmhighrent-exemption-violationfund-safety
Read More
SolanahighDetector

Rent Withdrawal Balance

Maintained by Sigvex TeamReviewed

Detects partial lamport withdrawals without rent-exemption balance checks.

svmhighrent-withdrawal-balanceaccess-control
Read More
EVMhighDetector

Reserve Manipulation

Maintained by Sigvex TeamReviewed

Detects AMM and DEX contracts vulnerable to reserve manipulation via direct balance inflation, enabling attackers to skew prices or drain liquidity.

evmhighoracle-manipulationstatic-analysis
Read More
EVMhighDetector

Reward and Incentive Manipulation

Maintained by Sigvex TeamReviewed

Detects vulnerabilities in staking, yield farming, and reward distribution functions that allow attackers to inflate reward claims through flash loans, timestamp manipulation, or division-before-multiplication precision loss.

evmhighoracle-manipulationstatic-analysis
Read More
SolanahighDetector

Role-Based Access Control

Maintained by Sigvex TeamReviewed

Detects role-based access control vulnerabilities including missing role checks, escalation risks, and hardcoded permissions.

svmhighrbacaccess-control
Read More
EVMhighDetector

RTLO Unicode

Maintained by Sigvex TeamReviewed

Detects right-to-left override Unicode characters used in Trojan Source attacks to disguise malicious code as benign.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Sandwich Attack

Maintained by Sigvex TeamReviewed

Detects DEX swap functions vulnerable to sandwich attacks where missing slippage and deadline protections allow value extraction by MEV searchers.

evmhighfront-runningstatic-analysis
Read More
SolanahighDetector

Secondary Signer Validation

Maintained by Sigvex TeamReviewed

Detects accounts with identity validation (CheckKey) but missing signer validation (CheckSigner), allowing authorization bypass.

svmhighsecondary-signer-validationaccount-validation
Read More
EVMhighDetector

Selfdestruct Usage

Maintained by Sigvex TeamReviewed

Detects use of the selfdestruct opcode, which can permanently destroy a contract and forcibly send its Ether balance to an arbitrary address.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Semantic Reentrancy

Maintained by Sigvex TeamReviewed

Detects reentrancy vulnerabilities arising from semantic state inconsistencies rather than direct balance manipulation.

evmhighreentrancystatic-analysis
Read More
SolanahighDetector

Shared Mutable Race

Maintained by Sigvex TeamReviewed

Detects race conditions from shared mutable account access where the same account is modified through multiple paths without duplicate checks.

svmhighshared-mutable-raceaccount-validation
Read More
EVMhighDetector

Short Address Attack

Maintained by Sigvex TeamReviewed

Detects ERC-20 transfer functions vulnerable to short address attacks where truncated addresses cause the amount parameter to be left-shifted.

evmhighstatic-analysisdetector
Read More
EVMhighDetector

Sign Extension Overflow

Maintained by Sigvex TeamReviewed

Detects unsafe sign extension in type conversions between signed and unsigned integers, where negative values become large positive numbers.

evmhighinteger-overflowstatic-analysis
Read More
ZKhighDetector

Signal Mutation in Loop

Maintained by Sigvex TeamReviewed

Detects self-referential signal mutation inside loops, where prover-controlled iteration counts allow arbitrary final values.

zkhighstatic-analysisdetector
Read More
ZKhighDetector

Signal Reuse

Maintained by Sigvex TeamReviewed

Detects signals assigned more than once, including silent unconstrained overwrites that bypass constraint generation.

zkhighstatic-analysisdetector
Read More
EVMhighDetector

Signature Replay

Maintained by Sigvex TeamReviewed

Detects signature verification without chain ID, contract address, nonce, or deadline binding, allowing valid signatures to be reused across transactions, chains, or contracts.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Signature Replay

Maintained by Sigvex TeamReviewed

Detects signature verification without nonce or deadline replay protection, allowing valid signatures to be reused across multiple transactions.

svmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Signature Verification

Maintained by Sigvex TeamReviewed

Detects improper ECDSA signature verification patterns including missing checks, incorrect hash construction, and unsafe recovery.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Slippage Protection

Maintained by Sigvex TeamReviewed

Detects missing slippage protection in token swap operations.

svmhighslippage-protectionmev
Read More
EVMhighDetector

Slippage Validation

Maintained by Sigvex TeamReviewed

Detects missing or insufficient slippage protection in DEX swap and liquidity operations, allowing MEV bots and sandwich attackers to extract value from transactions.

evmhighfront-runningstatic-analysis
Read More
SolanahighDetector

SPL Token Account Close

Maintained by Sigvex TeamReviewed

Detects unsafe account close operations including non-empty accounts and rent drain attacks.

svmhighspl-token-account-closeaccess-control
Read More
SolanahighDetector

SPL Token Account Validation

Maintained by Sigvex TeamReviewed

Detects missing validation in SPL token operations including ownership, mint, and authority checks.

svmhighspl-token-account-validationaccount-validation
Read More
SolanahighDetector

SPL Token ATA Validation

Maintained by Sigvex TeamReviewed

Detects improper Associated Token Account usage including wrong ATA, missing derivation validation, and mint mismatch.

svmhighspl-token-ata-validationaccess-control
Read More
SolanahighDetector

SPL Token Authority Confusion

Maintained by Sigvex TeamReviewed

Detects confusion between token account authorities (owner, delegate, close authority, mint authority, freeze authority).

svmhighspl-token-authority-confusionaccess-control
Read More
SolanahighDetector

SPL Token Close Authority Bypass

Maintained by Sigvex TeamReviewed

Detects token account closure without validating the close_authority field.

svmhighspl-token-close-authority-bypassaccess-control
Read More
SolanahighDetector

SPL Token Delegation Security

Maintained by Sigvex TeamReviewed

Detects unsafe token delegation patterns including unlimited approvals and missing revocation.

svmhighspl-token-delegation-securityaccess-control
Read More
SolanahighDetector

SPL Token Freeze Burn Validation

Maintained by Sigvex TeamReviewed

Detects unsafe freeze and burn operations with missing authority validation or balance checks.

svmhighspl-token-freeze-burnaccess-control
Read More
SolanahighDetector

SPL Token Transfer Hooks

Maintained by Sigvex TeamReviewed

Detects transfer hook vulnerabilities including bypass, reentrancy, and missing validation.

svmhighspl-token-transfer-hooksaccess-control
Read More
SolanahighDetector

Stack Depth Violation

Maintained by Sigvex TeamReviewed

Detects stack and CPI depth limit violations in Solana programs.

svmhighstack-depth-violationdenial-of-service
Read More
SolanahighDetector

Stale Account Data After CPI

Maintained by Sigvex TeamReviewed

Detects use of cached account data after CPI without reload, leading to stale reads.

svmhighstale-account-dataaccess-control
Read More
EVMhighDetector

Stale Off-Chain Aggregated Price Feed

Maintained by Sigvex TeamReviewed

Detects contracts that consume off-chain aggregated oracle data without verifying that the price is recent, allowing protocols to operate on outdated prices during network disruptions.

evmhighoracle-manipulationstatic-analysis
Read More
EVMhighDetector

Storage Layout Versioning

Maintained by Sigvex TeamReviewed

Detects storage layout changes during proxy upgrades that could corrupt existing state, including reordered variables and changed types.

evmhighstorage-collisionproxy-pattern
Read More
EVMhighDetector

Storage Write Removal Before Conditional Termination

Maintained by Sigvex TeamReviewed

Flags contracts compiled with Solidity 0.8.13 through 0.8.16 where the Yul optimizer can drop a storage write that precedes a conditional return or stop.

evmhighstorage-collisionstatic-analysis
Read More
SolanahighDetector

Swap Validation

Maintained by Sigvex TeamReviewed

Detects missing validation in token swap operations.

svmhighswap-validationaccess-control
Read More
SolanahighDetector

Sysvar Substitution

Maintained by Sigvex TeamReviewed

Detects unverified sysvar account usage that could allow attackers to substitute fake system data.

svmhighsysvar-substitutionaccount-validation
Read More
ZKhighDetector

Template Misuse

Maintained by Sigvex TeamReviewed

Detects incorrect template instantiation patterns including unused outputs, parameter mismatches, and unconstrained component output reads.

zkhighstatic-analysisdetector
Read More
SolanahighDetector

Token Account Ownership

Maintained by Sigvex TeamReviewed

Detects missing account ownership validation before cross-program invocations, allowing attackers to pass fake token accounts.

svmhightoken-account-ownershipaccount-validation
Read More
SolanahighDetector

Token Account Spoofing

Maintained by Sigvex TeamReviewed

Detects token account spoofing and aliasing vulnerabilities where fake token accounts can be substituted.

svmhightoken-account-spoofingaccess-control
Read More
SolanahighDetector

Token Extension Security

Maintained by Sigvex TeamReviewed

Detects Token-2022 extension security misconfigurations.

svmhightoken-extension-securityaccess-control
Read More
EVMhighDetector

Token Hook Reentrancy

Maintained by Sigvex TeamReviewed

Detects reentrancy through ERC-777, ERC-1155, and ERC-4626 token callback hooks where state updates occur after hook-triggering transfers.

evmhighreentrancystatic-analysis
Read More
SolanahighDetector

Token-2022 Confidential

Maintained by Sigvex TeamReviewed

Detects Token-2022 confidential transfer vulnerabilities.

svmhightoken-2022-confidentialaccess-control
Read More
SolanahighDetector

Token-2022 CPI Guard Bypass

Maintained by Sigvex TeamReviewed

Detects Token-2022 CPI transfers that ignore the CPI Guard extension and fail to handle guarded accounts.

svmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Token-2022 Extension Interaction Hazards

Maintained by Sigvex TeamReviewed

Detects Token-2022 mints that enable extension combinations with undefined, contradictory, or insecure interactions.

svmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Token-2022 Extensions

Maintained by Sigvex TeamReviewed

Detects Token-2022 extension vulnerabilities including transfer hooks, fees, and confidential transfers.

svmhighspl-token-2022-extensionsaccess-control
Read More
SolanahighDetector

Token-2022 Immutable Owner

Maintained by Sigvex TeamReviewed

Detects Token-2022 Immutable Owner extension validation issues.

svmhightoken2022-immutable-owneraccess-control
Read More
SolanahighDetector

Token-2022 Transfer Fee Bypass

Maintained by Sigvex TeamReviewed

Detects token transfers that do not account for Token-2022 transfer fees.

svmhightoken2022-transfer-fee-bypassfund-safety
Read More
EVMhighDetector

Transient Storage Clearing Helper Collision

Maintained by Sigvex TeamReviewed

Flags contracts compiled with Solidity 0.8.28 through 0.8.33 using the IR pipeline, where a shared zeroing helper can confuse persistent and transient storage on delete.

evmhighstorage-collisionstatic-analysis
Read More
ZKhighDetector

Trivial Constraint

Maintained by Sigvex TeamReviewed

Detects tautological constraints that are always satisfied regardless of signal values, providing no security guarantee.

zkhighstatic-analysisdetector
Read More
EVMhighDetector

TWAP Oracle Manipulation

Maintained by Sigvex TeamReviewed

Detects time-weighted average price oracle implementations vulnerable to multi-block manipulation or insufficient observation windows.

evmhighoracle-manipulationstatic-analysis
Read More
SolanahighDetector

Type Cosplay (Discriminator Spoofing)

Maintained by Sigvex TeamReviewed

Detects account data deserialization that reads past the discriminator prefix without first validating it, allowing attackers to pass accounts of a different type.

svmhightype-cosplayaccount-validation
Read More
ZKhighDetector

Unassigned Output

Maintained by Sigvex TeamReviewed

Detects output signals that are declared but never assigned, leaving the value undefined and open to proof forgery.

zkhighstatic-analysisdetector
Read More
EVMhighDetector

Unchecked Array Bounds

Maintained by Sigvex TeamReviewed

Detects array accesses without bounds validation, enabling out-of-bounds reads/writes that corrupt storage or cause unexpected reverts.

evmhighdenial-of-servicestatic-analysis
Read More
ZKhighDetector

Unchecked Component

Maintained by Sigvex TeamReviewed

Detects component instances whose inputs or outputs are never wired into the enclosing R1CS, leaving the component's internal constraints disconnected from the proof.

cross-runtimehighstatic-analysisdetector
Read More
SolanahighDetector

Unchecked CPI Return Value

Maintained by Sigvex TeamReviewed

Detects CPI calls without return value validation, allowing silent failures.

svmhighunchecked-cpi-returnaccess-control
Read More
SolanahighDetector

Unchecked Deserialization

Maintained by Sigvex TeamReviewed

Detects unchecked deserialization of account data that may panic on malformed input.

svmhighunchecked-deserializationaccess-control
Read More
EVMhighDetector

Unchecked ERC-20

Maintained by Sigvex TeamReviewed

Detects ERC-20 token operations whose boolean return values are not checked, allowing silent transfer failures.

evmhighunchecked-returnstatic-analysis
Read More
EVMhighDetector

Unchecked External Call Return Value

Maintained by Sigvex TeamReviewed

Detects external calls whose boolean return value is not checked, allowing silent failures that leave the contract in an inconsistent state.

evmhighunchecked-returnstatic-analysis
Read More
SolanahighDetector

Uninitialized Account

Maintained by Sigvex TeamReviewed

Detects usage of uninitialized accounts before proper initialization.

svmhighuninitialized-accountaccess-control
Read More
EVMhighDetector

Uninitialized Storage

Maintained by Sigvex TeamReviewed

Detects storage variables and struct pointers used before initialization, where default zero values may cause unexpected behavior.

evmhighaccess-controlstatic-analysis
Read More
EVMhighDetector

Unsafe Callback

Maintained by Sigvex TeamReviewed

Detects external callback hooks that execute untrusted code without proper validation, gas limits, or reentrancy protection.

evmhighreentrancystatic-analysis
Read More
EVMhighDetector

Unsafe Downcasting

Maintained by Sigvex TeamReviewed

Detects type casts that silently truncate values when converting from a larger to a smaller integer type.

evmhighinteger-overflowstatic-analysis
Read More
EVMhighDetector

Vault Inflation Attack (ERC-4626 First Depositor)

Maintained by Sigvex TeamReviewed

Detects ERC-4626 tokenized vault implementations that are vulnerable to the first-depositor share price inflation attack, where an attacker manipulates the share price to cause subsequent depositors to receive zero shares.

evmhighinteger-overflowstatic-analysis
Read More
EVMhighDetector

veToken Governance

Maintained by Sigvex TeamReviewed

Detects vulnerabilities in vote-escrowed token governance systems including flash-vote attacks, lock manipulation, and decay bypass.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Voting Power Manipulation

Maintained by Sigvex TeamReviewed

Detects governance voting power manipulation vulnerabilities.

svmhighvoting-power-manipulationaccess-control
Read More
EVMhighDetector

Weak Randomness

Maintained by Sigvex TeamReviewed

Detects use of predictable on-chain values — blockhash, block.timestamp, block.prevrandao — as sources of randomness, which miners or validators can manipulate.

evmhighaccess-controlstatic-analysis
Read More
SolanahighDetector

Weak Randomness

Maintained by Sigvex TeamReviewed

Detects Solana programs that derive randomness from predictable on-chain sources such as clock timestamps, slot numbers, or account hashes.

svmhighaccess-controlstatic-analysis
Read More
ZKhighDetector

Witness Complexity

Maintained by Sigvex TeamReviewed

Detects unconstrained witness expressions that combine several nondeterministic operations, where the constraint set is unlikely to fully rebind the result.

cross-runtimehighstatic-analysisdetector
Read More
EVMhighDetector

Wrapped Native Token Confusion

Maintained by Sigvex TeamReviewed

Detects contracts that conflate WETH and native ETH handling, causing stuck funds or incorrect transfer logic.

evmhighstatic-analysisdetector
Read More
SolanahighDetector

Zero Copy Deserialization

Maintained by Sigvex TeamReviewed

Detects unsafe zero-copy deserialization patterns that can lead to memory corruption.

svmhighzero-copy-deserializationaccess-control
Read More
EVMmediumDetector

AA Signature Audit

Maintained by Sigvex TeamReviewed

Detects signature vulnerabilities in account abstraction implementations including missing chain ID, replay across accounts, and malleability.

evmmediumaccess-controlstatic-analysis
Read More
SolanamediumDetector

Account Reinitialization

Maintained by Sigvex TeamReviewed

Detects account data writes that lack a prior initialization check, allowing attackers to reset account state or overwrite existing data.

svmmediumaccount-validationstatic-analysis
Read More
SolanamediumDetector

Account Size Violation

Maintained by Sigvex TeamReviewed

Detects account data size violations in Solana programs.

svmmediumaccount-size-violationdenial-of-service
Read More
SolanamediumDetector

Anchor Space Allocation

Maintained by Sigvex TeamReviewed

Detects incorrect space allocation in Anchor account initialization.

svmmediumanchor-space-allocationdenial-of-service
Read More
EVMmediumDetector

Array Deletion Index

Maintained by Sigvex TeamReviewed

Detects unsafe array element deletion that leaves stale indices or gaps, corrupting data structures that depend on contiguous arrays.

evmmediumstatic-analysisdetector
Read More
EVMmediumDetector

Array Length Assumption

Maintained by Sigvex TeamReviewed

Detects parallel array operations that assume equal lengths without validation, risking out-of-bounds access or incomplete processing.

evmmediumstatic-analysisdetector
Read More
EVMmediumDetector

Blob Data Dependency

Maintained by Sigvex TeamReviewed

Detects contracts that depend on EIP-4844 blob data availability, which is only guaranteed for a limited time window.

evmmediumstatic-analysisdetector
Read More
SolanamediumDetector

Borsh Length DoS

Maintained by Sigvex TeamReviewed

Detects unbounded Borsh Vec/String length prefix usage that can cause DoS.

svmmediumborsh-length-dosdenial-of-service
Read More
EVMmediumDetector

Bytecode Size Limit

Maintained by Sigvex TeamReviewed

Detects contracts approaching or exceeding the EIP-170 24KB bytecode size limit, which prevents deployment.

evmmediumgas-optimizationstatic-analysis
Read More
ZKmediumDetector

Cairo External Without Validation

Maintained by Sigvex TeamReviewed

Detects external, state-mutating Cairo functions that accept parameters but contain no assertions, trusting arbitrary caller-supplied input.

cross-runtimemediumstatic-analysisdetector
Read More
ZKmediumDetector

Cairo Unchecked Division

Maintained by Sigvex TeamReviewed

Detects division in Cairo functions where the divisor is not asserted non-zero, risking transaction aborts and surprising quotients under field semantics.

cross-runtimemediumstatic-analysisdetector
Read More
ZKmediumDetector

Cairo Unchecked Felt Arithmetic

Maintained by Sigvex TeamReviewed

Detects felt252 arithmetic in state-changing Cairo functions that has no bounding assertion and may wrap silently around the Starknet field prime.

cross-runtimemediumstatic-analysisdetector
Read More
EVMmediumDetector

Calls in Loop

Maintained by Sigvex TeamReviewed

Detects external calls inside loops that can cause denial-of-service when any single call reverts or the loop exceeds the block gas limit.

evmmediumdenial-of-servicestatic-analysis
Read More
SolanamediumDetector

Clock Account Spoofing

Maintained by Sigvex TeamReviewed

Detects programs that read time data from unvalidated accounts instead of the canonical Clock sysvar, enabling timestamp manipulation.

svmmediumaccount-validationstatic-analysis
Read More
SolanamediumDetector

Clock Staleness

Maintained by Sigvex TeamReviewed

Detects Clock sysvar usage in financial logic without staleness bounds, exploitable after network halts.

svmmediumclock-stalenesstime-dependency
Read More
SolanamediumDetector

Compute Budget Injection

Maintained by Sigvex TeamReviewed

Detects hardcoded compute budget assumptions vulnerable to injection.

svmmediumcompute-budget-injectiondenial-of-service
Read More
ZKmediumDetector

Constraint Degree Overflow

Maintained by Sigvex TeamReviewed

Detects constraint expressions whose multiplicative degree exceeds the proof system's gate degree, forcing expansion or breaking compilation.

zkmediumstatic-analysisdetector
Read More
SolanamediumDetector

Cross-Contract Consistency

Maintained by Sigvex TeamReviewed

Detects cross-account state consistency issues.

svmmediumcross-contract-consistencyaccess-control
Read More
EVMmediumDetector

Default Visibility

Maintained by Sigvex TeamReviewed

Detects functions and state variables with implicit visibility that may unintentionally be public.

evmmediumaccess-controlstatic-analysis
Read More
EVMmediumDetector

Denial of Service

Maintained by Sigvex TeamReviewed

Detects patterns that allow attackers to permanently block contract execution, including unbounded loops, push-payment patterns, and external call failures in critical paths.

evmmediumdenial-of-servicestatic-analysis
Read More
EVMmediumDetector

Deprecated Functions

Maintained by Sigvex TeamReviewed

Detects usage of deprecated Solidity functions and constructs that may be removed in future compiler versions.

evmmediumgas-optimizationstatic-analysis
Read More
SolanamediumDetector

Deserialization Endianness

Maintained by Sigvex TeamReviewed

Detects potential endianness mismatches in data deserialization.

svmmediumdeserialization-endiannessaccess-control
Read More
EVMmediumDetector

Divide Before Multiply

Maintained by Sigvex TeamReviewed

Detects arithmetic expressions where division precedes multiplication, causing precision loss from integer truncation.

evmmediuminteger-overflowstatic-analysis
Read More
EVMmediumDetector

Dropped Side Effects on .selector Access

Maintained by Sigvex TeamReviewed

Flags contracts compiled with Solidity 0.6.2 through 0.8.20 on the legacy pipeline, where side effects of an expression before .selector could be silently discarded.

evmmediumaccess-controlstatic-analysis
Read More
SolanamediumDetector

Duplicate Mutable Accounts

Maintained by Sigvex TeamReviewed

Detects when the same account is passed at multiple positions in an instruction where both references are mutable, creating aliasing bugs and undefined behavior.

svmmediumaccount-validationstatic-analysis
Read More
SolanamediumDetector

Emergency Pause

Maintained by Sigvex TeamReviewed

Detects missing or vulnerable emergency pause mechanisms in Solana programs.

svmmediumemergency-pauseaccess-control
Read More
EVMmediumDetector

ERC-165 Interface Spoofing

Maintained by Sigvex TeamReviewed

Detects contracts that falsely claim ERC-165 interface support, enabling type confusion attacks in routers, marketplaces, and bridges.

evmmediumstatic-analysisdetector
Read More
EVMmediumDetector

ERC-20 Approve Race

Maintained by Sigvex TeamReviewed

Detects ERC-20 approve functions vulnerable to the front-running race condition where a spender can spend both old and new allowances.

evmmediumfront-runningstatic-analysis
Read More
EVMmediumDetector

ERC-20 Standard Violations

Maintained by Sigvex TeamReviewed

Detects deviations from the ERC-20 token standard including missing return values, incorrect event signatures, and non-standard behavior.

evmmediumstatic-analysisdetector
Read More
EVMmediumDetector

Front-Running

Maintained by Sigvex TeamReviewed

Detects transactions where the outcome depends on call ordering, enabling miners or other users to manipulate execution order for profit.

evmmediumfront-runningstatic-analysis
Read More
EVMmediumDetector

Hardcoded Gas Values

Maintained by Sigvex TeamReviewed

Detects hardcoded gas stipends and gas limits that break when EVM gas costs change across hard forks or L2 environments.

evmmediumgas-optimizationstatic-analysis
Read More
EVMmediumDetector

Hash Collision

Maintained by Sigvex TeamReviewed

Detects abi.encodePacked usage with multiple dynamic types that can produce hash collisions via data concatenation ambiguity.

evmmediumaccess-controlstatic-analysis
Read More
SolanamediumDetector

Improper Error Handling

Maintained by Sigvex TeamReviewed

Detects silently ignored errors or improper error propagation in Solana programs.

svmmediumimproper-error-handlingerror-handling
Read More
EVMmediumDetector

Incorrect Comparison

Maintained by Sigvex TeamReviewed

Detects comparison operators that are likely wrong — using = instead of ==, > instead of >=, or comparing incompatible types.

evmmediuminteger-overflowstatic-analysis
Read More
EVMmediumDetector

Inheritance Order

Maintained by Sigvex TeamReviewed

Detects diamond inheritance patterns, conflicting overrides, and overlapping modifier chains that C3 linearization can resolve unexpectedly.

evmmediumstatic-analysisdetector
Read More
SolanamediumDetector

Instruction Data Parsing Edge Cases

Maintained by Sigvex TeamReviewed

Detects unsafe instruction data parsing patterns that may cause panics or errors with malformed data.

svmmediuminstruction-data-parsing-edge-casesdenial-of-service
Read More
EVMmediumDetector

Keccak256 Optimizer Result Reuse

Maintained by Sigvex TeamReviewed

Flags contracts compiled with Solidity below 0.8.3 where the optimizer can reuse a keccak256 result across two differing input lengths that round to the same 32-byte multiple.

evmmediumstorage-collisionstatic-analysis
Read More
SolanamediumDetector

Lamport Dust

Maintained by Sigvex TeamReviewed

Detects lamport dust exploitation vulnerabilities in Solana programs.

svmmediumlamport-dustfund-safety
Read More
EVMmediumDetector

Missing Input Validation

Maintained by Sigvex TeamReviewed

Detects functions that accept user-supplied parameters and use them in sensitive operations without sufficient bounds checking, type validation, or access control enforcement.

evmmediumaccess-controlstatic-analysis
Read More
ZKmediumDetector

Missing Range Check

Maintained by Sigvex TeamReviewed

Detects signals consumed by bit-width-sensitive components without a preceding range constraint, enabling silent overflow of comparators and bit decompositions.

cross-runtimemediumstatic-analysisdetector
Read More
EVMmediumDetector

Missing Zero Address Validation

Maintained by Sigvex TeamReviewed

Detects functions that accept address parameters without checking for the zero address, risking permanent fund loss.

evmmediumaccess-controlstatic-analysis
Read More
SolanamediumDetector

NFT Metadata Validation

Maintained by Sigvex TeamReviewed

Detects NFT metadata validation issues.

svmmediumnft-metadata-validationaccess-control
Read More
SolanamediumDetector

NFT Royalty Bypass

Maintained by Sigvex TeamReviewed

Detects NFT royalty enforcement bypass patterns.

svmmediumnft-royalty-bypassfund-safety
Read More
SolanamediumDetector

Non-Anchor Discriminator

Maintained by Sigvex TeamReviewed

Detects missing instruction discrimination in non-Anchor Solana programs.

svmmediumnon-anchor-discriminatoraccess-control
Read More
SolanamediumDetector

Oracle Manipulation

Maintained by Sigvex TeamReviewed

Detects Solana programs that rely on unvalidated or manipulable price oracle data, enabling attackers to trigger liquidations, drain vaults, or manipulate DeFi calculations.

svmmediumoracle-manipulationstatic-analysis
Read More
EVMmediumDetector

Outdated Compiler

Maintained by Sigvex TeamReviewed

Detects contracts compiled with Solidity versions affected by published compiler advisories, using bytecode metadata for version evidence.

evmmediumstatic-analysisdetector
Read More
SolanamediumDetector

PDA Path Confusion

Maintained by Sigvex TeamReviewed

Detects PDA derivations without program-specific namespace seeds, risking cross-program collisions.

svmmediumpda-path-confusionpda-validation
Read More
SolanamediumDetector

Readonly Misuse

Maintained by Sigvex TeamReviewed

Detects semantic misuse of readonly accounts.

svmmediumreadonly-misuseaccess-control
Read More
SolanamediumDetector

Rent Exempt Epoch Transition

Maintained by Sigvex TeamReviewed

Detects cached rent-exempt minimum balances that become stale across epoch transitions.

svmmediumrent-exempt-epoch-transitionaccess-control
Read More
EVMmediumDetector

Requirement Violation

Maintained by Sigvex TeamReviewed

Detects functions where require/assert conditions can be violated through specific input combinations or state manipulation.

evmmediumstatic-analysisdetector
Read More
EVMmediumDetector

Returnbomb

Maintained by Sigvex TeamReviewed

Detects external calls vulnerable to returnbomb attacks where a malicious callee returns excessive data to cause out-of-gas reverts.

evmmediumdenial-of-servicestatic-analysis
Read More
EVMmediumDetector

Royalty Bypass

Maintained by Sigvex TeamReviewed

Detects NFT marketplace and token contracts where ERC-2981 royalty payments can be circumvented through wrapper contracts or direct transfers.

evmmediumstatic-analysisdetector
Read More
SolanamediumDetector

Secp256k1 Signature Malleability

Maintained by Sigvex TeamReviewed

Detects Secp256k1 signature verification without canonicalization checks.

svmmediumsecp256k1-signature-malleabilityaccess-control
Read More
ZKmediumDetector

Signal Aliasing

Maintained by Sigvex TeamReviewed

Detects redundant equality constraints that create signal aliases without adding security, potentially masking missing constraints.

zkmediumstatic-analysisdetector
Read More
ZKmediumDetector

Signal as Array Index

Maintained by Sigvex TeamReviewed

Detects array accesses indexed by an unconstrained signal, giving the prover a free choice of which element is read.

cross-runtimemediumstatic-analysisdetector
Read More
EVMmediumDetector

Signature Malleability

Maintained by Sigvex TeamReviewed

Detects ECDSA signature verification that fails to check s-value bounds, v-value validity, or zero-address returns from ecrecover.

evmmediumaccess-controlstatic-analysis
Read More
EVMmediumDetector

Solidity Calldata Re-encoding Miscompilations

Maintained by Sigvex TeamReviewed

Flags contracts compiled with Solidity versions affected by the 2022 ABI-encoder calldata re-encoding bugs that can corrupt forwarded calldata.

evmmediumgas-optimizationstatic-analysis
Read More
SolanamediumDetector

SPL Token Compliance

Maintained by Sigvex TeamReviewed

Detects SPL Token standard compliance violations.

svmmediumspl-token-complianceaccess-control
Read More
SolanamediumDetector

SPL Token Delegation Chain Depth

Maintained by Sigvex TeamReviewed

Detects excessive delegation chain depth that increases attack surface and complexity.

svmmediumspl-token-delegation-chain-depthaccess-control
Read More
SolanamediumDetector

SPL Token Metadata Validation

Maintained by Sigvex TeamReviewed

Detects metadata validation issues including missing PDA checks, update authority verification, and URI validation.

svmmediumspl-token-metadata-validationaccess-control
Read More
SolanamediumDetector

Sysvar Cache Staleness

Maintained by Sigvex TeamReviewed

Detects stale sysvar data usage across blocks beyond Clock.

svmmediumsysvar-cache-stalenessaccess-control
Read More
EVMmediumDetector

Tautological Compare

Maintained by Sigvex TeamReviewed

Detects comparisons that are always true or always false due to type constraints, rendering conditional logic dead.

evmmediuminteger-overflowstatic-analysis
Read More
SolanamediumDetector

Timelock Operations

Maintained by Sigvex TeamReviewed

Detects timelock bypass vulnerabilities, missing delays for critical operations, and timestamp validation issues.

svmmediumtimelockaccess-control
Read More
EVMmediumDetector

Timestamp Dependence

Maintained by Sigvex TeamReviewed

Detects reliance on block.timestamp for time-sensitive logic where validator manipulation of the timestamp by up to ~15 seconds can influence outcomes.

evmmediumfront-runningstatic-analysis
Read More
SolanamediumDetector

Timestamp Dependency

Maintained by Sigvex TeamReviewed

Detects dangerous dependencies on block timestamps in security-critical logic including access control and randomness.

svmmediumtimestamp-dependencytime-dependency
Read More
SolanamediumDetector

Token Init Race

Maintained by Sigvex TeamReviewed

Detects token account initialization race conditions.

svmmediumtoken-init-raceaccess-control
Read More
SolanamediumDetector

Transaction Size DoS

Maintained by Sigvex TeamReviewed

Detects unbounded account lists in CPI that can cause transaction size DoS.

svmmediumtransaction-size-dosdenial-of-service
Read More
EVMmediumDetector

tx.origin Authentication

Maintained by Sigvex TeamReviewed

Detects use of tx.origin for authentication or access control, which allows phishing attacks to bypass authorization checks.

evmmediumaccess-controlstatic-analysis
Read More
EVMmediumDetector

Typographical Error

Maintained by Sigvex TeamReviewed

Detects bytecode patterns left by operator typos: =+ instead of +=, identity assignments, and consecutive operations that cancel out.

evmmediumstatic-analysisdetector
Read More
SolanamediumDetector

Unsafe Deserialization

Maintained by Sigvex TeamReviewed

Detects potentially unsafe account data access patterns without bounds checking.

svmmediumunsafe-deserializationaccess-control
Read More
ZKmediumDetector

Unsafe Field Downcast in Noir Circuits

Maintained by Sigvex TeamReviewed

Flags Noir functions that convert a Field input to a smaller integer type without a range check that prevents silent truncation.

cross-runtimemediumstatic-analysisdetector
Read More
ZKmediumDetector

Unused Signals

Maintained by Sigvex TeamReviewed

Detects declared signals that never appear in any constraint or assignment, indicating dead code or incomplete circuit logic.

zkmediumstatic-analysisdetector
Read More
EVMmediumDetector

Variable Shadowing

Maintained by Sigvex TeamReviewed

Detects local variables or inherited state variables that shadow declarations in parent contracts, causing confusion about which variable is accessed.

evmmediumaccess-controlstatic-analysis
Read More
SolanamediumDetector

Weak PDA Entropy

Maintained by Sigvex TeamReviewed

Detects PDA derivations with weak seed entropy, enabling prediction and front-running attacks.

svmmediumweak-pda-entropypda-validation
Read More
EVMmediumDetector

Write After Write

Maintained by Sigvex TeamReviewed

Detects redundant storage writes where a variable is written twice without an intervening read, wasting gas and potentially indicating logic errors.

evmmediumgas-optimizationstatic-analysis
Read More
SolanamediumDetector

Zero Amount Operation

Maintained by Sigvex TeamReviewed

Detects token operations that may accept zero amounts without explicit validation.

svmmediumzero-amount-operationaccess-control
Read More
ZKlowDetector

Cairo Narrow Int Return

Maintained by Sigvex TeamReviewed

Detects Cairo functions that take a felt252 input and return a narrow integer type without a range check, exposing a denial-of-service surface on out-of-range inputs.

cross-runtimelowstatic-analysisdetector
Read More
SolanalowDetector

Compute Budget Accounting

Maintained by Sigvex TeamReviewed

Detects loops and recursive call patterns that consume compute units without bounds or budget checks, causing unpredictable mid-execution transaction failures.

svmlowdenial-of-servicestatic-analysis
Read More
EVMlowDetector

Ether Balance Assumption

Maintained by Sigvex TeamReviewed

Detects contracts that assume their ETH balance equals the sum of deposits, ignoring forcibly sent ETH via selfdestruct or coinbase transactions.

evmlowstatic-analysisdetector
Read More
ZKlowDetector

External State Mutation

Maintained by Sigvex TeamReviewed

A baseline informational hint marking every external, non-view Cairo entrypoint that can change contract state, so reviewers can confirm checks-effects-interactions ordering.

cross-runtimelowstatic-analysisdetector
Read More
EVMlowDetector

Floating Pragma

Maintained by Sigvex TeamReviewed

Detects contracts compiled with a floating pragma version that may produce different bytecode across compiler versions.

evmlowgas-optimizationstatic-analysis
Read More
SolanalowDetector

Frozen Account Operations

Maintained by Sigvex TeamReviewed

Detects token operations performed without checking if the account is frozen.

svmlowspl-token-frozen-account-operationsaccess-control
Read More
SolanalowDetector

Hardcoded System Program Address

Maintained by Sigvex TeamReviewed

Detects hardcoded system program addresses instead of using named constants for program IDs.

svmlowhardcoded-system-program-addressaccount-validation
Read More
SolanalowDetector

Hardcoded Sysvar Address

Maintained by Sigvex TeamReviewed

Detects hardcoded sysvar addresses instead of using proper sysvar::id() derivation functions.

svmlowhardcoded-sysvar-addressaccount-validation
Read More
EVMlowDetector

Missing Events

Maintained by Sigvex TeamReviewed

Detects critical state-changing operations that do not emit events, reducing transparency and making off-chain monitoring impossible.

evmlowaccess-controlstatic-analysis
Read More
SolanalowDetector

Missing Rent Check

Maintained by Sigvex TeamReviewed

Detects potential rent exemption issues from lamport transfers.

svmlowmissing-rent-checkaccess-control
Read More
SolanalowDetector

Missing Writable Check

Maintained by Sigvex TeamReviewed

Detects account modifications performed without verifying the is_writable flag, allowing read-only accounts to be silently corrupted or causing runtime errors.

svmlowaccount-validationstatic-analysis
Read More
SolanalowDetector

Program Interface Compliance

Maintained by Sigvex TeamReviewed

Detects program interface compliance issues.

svmlowprogram-interface-compliancegas-optimization
Read More
SolanalowDetector

Readonly Account Mutation

Maintained by Sigvex TeamReviewed

Detects attempts to modify accounts that have been verified as readonly.

svmlowreadonly-account-mutationaccess-control
Read More
SolanalowDetector

Rent Epoch Validation

Maintained by Sigvex TeamReviewed

Detects improper rent epoch validation and handling.

svmlowrent-epoch-validationaccess-control
Read More
SolanalowDetector

Unchecked Arithmetic

Maintained by Sigvex TeamReviewed

Detects unchecked arithmetic operations that could silently overflow or underflow in SVM programs.

svmlowunchecked-arithmeticinteger-overflow
Read More
EVMinfoDetector

Dead Code

Maintained by Sigvex TeamReviewed

Detects unreachable code paths and unused internal functions that increase bytecode size and may indicate logic errors.

evminfostatic-analysisdetector
Read More
EVMinfoDetector

Gas Optimization

Maintained by Sigvex TeamReviewed

Identifies repeated storage reads of the same slot within a function that could be cached in memory to save gas.

evminformationalgas-optimizationstatic-analysis
Read More
EVMinfoDetector

Private Data Exposure

Maintained by Sigvex TeamReviewed

Detects contracts storing sensitive data in private or internal state variables, which remain readable on-chain despite the visibility modifier.

evminfostatic-analysisdetector
Read More
EVMinfoDetector

Unused Variables

Maintained by Sigvex TeamReviewed

Detects storage slots that are written but never read and local variables assigned but never used, indicating dead state or incomplete logic.

evminformationalstatic-analysisdetector
Read More
EVMRemediation

AA Signature Audit Remediation

Maintained by Sigvex TeamReviewed

Bind smart-account signatures to the EntryPoint-provided userOpHash so they cannot be replayed across chains or accounts.

evmaccess-control
Read More
EVMRemediation

AA Storage Access Violations Remediation

Maintained by Sigvex TeamReviewed

Keep ERC-4337 validation free of banned opcodes and non-associated storage so bundlers can safely simulate the operation.

evmdenial-of-service
Read More
EVMExploit

Access Control Bypass Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates missing access control by calling privileged functions from an unauthorized address and checking for storage mutations.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Access Control Remediation

Maintained by Sigvex TeamReviewed

How to implement proper access controls on privileged functions using ownership patterns, role-based access, and multi-signature authorization.

evmaccess-control
Read More
EVMRemediation

Account Abstraction (ERC-4337) Remediation

Maintained by Sigvex TeamReviewed

Keep ERC-4337 validation free of banned opcodes and unrestricted storage, and verify signatures against the EntryPoint userOpHash.

evmaccess-control
Read More
SolanaRemediation

Account List Size Remediation

Maintained by Sigvex TeamReviewed

How to fix missing account list size validation for fixed account layouts.

svmdenial-of-service
Read More
SolanaRemediation

Account Reinitialization Remediation

Maintained by Sigvex TeamReviewed

How to prevent account reinitialization attacks by adding an initialization guard that checks the discriminator or an explicit initialized flag before overwriting account state.

svmaccount-validation
Read More
SolanaExploit

Account Type Confusion Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates account type confusion vulnerabilities in Solana programs by simulating an attack that passes a wrong account type to an instruction, bypassing type-based access controls.

svmtype-cosplayexploit-generator
Read More
SolanaRemediation

Account Type Confusion Remediation

Maintained by Sigvex TeamReviewed

How to validate account discriminators and use the account-validation framework's typed account system to prevent attackers from substituting accounts of the wrong type.

svmtype-cosplayaccount-validation
Read More
SolanaRemediation

Admin Key Management Remediation

Maintained by Sigvex TeamReviewed

How to fix unsafe admin key handling, hardcoded keys, and single points of failure.

svmaccess-control
Read More
SolanaRemediation

Anchor Constraint Bypass Remediation

Maintained by Sigvex TeamReviewed

How to fix missing or insufficient Anchor account constraints that allow unauthorized account substitution.

svmaccess-control
Read More
EVMExploit

API/Off-Chain Data Manipulation Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates off-chain data trust vulnerabilities where contracts accept external API data without signature verification, freshness checks, or redundancy — enabling data injection, replay attacks, and single-point-of-failure exploits.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

API/Off-Chain Data Remediation

Maintained by Sigvex TeamReviewed

How to secure contracts that consume off-chain data by requiring cryptographic signatures, freshness timestamps, and multiple independent sources to prevent data injection and replay attacks.

evmoracle-manipulation
Read More
SolanaRemediation

Arbitrary CPI Remediation

Maintained by Sigvex TeamReviewed

How to validate cross-program invocation targets to prevent attackers from redirecting CPI calls to malicious programs.

svmarbitrary-cpiaccess-control
Read More
EVMRemediation

Arbitrary ERC-20 Transfer Remediation

Maintained by Sigvex TeamReviewed

Add access control to functions that move a contract's tokens so callers cannot redirect the balance to themselves.

evmaccess-control
Read More
EVMRemediation

Arbitrary Jump Remediation

Maintained by Sigvex TeamReviewed

How to eliminate control-flow hijacking by never deriving a JUMP destination from user input — use structured dispatch instead of computed jumps.

evmaccess-control
Read More
EVMExploit

Arbitrary Storage Write Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates arbitrary storage write vulnerabilities by simulating user-controlled SSTORE operations targeting critical storage slots including the owner address.

evmstorage-collisionexploit-generator
Read More
EVMRemediation

Arbitrary Storage Write Remediation

Maintained by Sigvex TeamReviewed

Stop user-controlled storage slots by writing only through mappings and arrays under access control.

evmaccess-control
Read More
EVMRemediation

Arbitrary Storage Write Remediation

Maintained by Sigvex TeamReviewed

How to eliminate arbitrary storage write vulnerabilities by removing user-controlled assembly SSTORE operations, using Solidity mappings, and enforcing slot allowlists for unavoidable inline assembly.

evmstorage-collisionaccess-control
Read More
SolanaExploit

Arithmetic Overflow Exploit Generator

Maintained by Sigvex TeamReviewed

Exploit generator that validates unchecked arithmetic vulnerabilities in Solana programs where integer overflow or underflow in token balance calculations allows fund theft or state corruption.

svminteger-overflowexploit-generator
Read More
SolanaRemediation

Arithmetic Overflow Remediation

Maintained by Sigvex TeamReviewed

How to prevent integer overflow and underflow in Solana programs by replacing unchecked arithmetic with checked methods and safe intermediate widening.

svminteger-overflow
Read More
EVMRemediation

Array Deletion Index Remediation

Maintained by Sigvex TeamReviewed

Remove storage array elements with swap-and-pop so no zero-value gap is left behind for later iterations.

evm
Read More
EVMRemediation

Assembly Analysis Remediation

Maintained by Sigvex TeamReviewed

Make inline assembly memory-safe, bound returndata copies, and add overflow guards that Solidity would otherwise provide.

evm
Read More
EVMRemediation

Assert Violation Remediation

Maintained by Sigvex TeamReviewed

Validate external inputs with require() and reserve assert() for invariants that should never be false.

evm
Read More
EVMExploit

Bridge Message Manipulation Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates cross-chain bridge vulnerabilities including message replay, cross-chain replay, and Nomad-style uninitialized state exploitation.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Bridge Message Remediation

Maintained by Sigvex TeamReviewed

How to secure cross-chain bridge message processing by implementing nonce-based replay protection, chain ID binding, explicit state initialization, and validator threshold requirements.

evmaccess-control
Read More
SolanaRemediation

Bump Seed Canonicalization Remediation

Maintained by Sigvex TeamReviewed

How to ensure PDA derivation uses the canonical bump seed from find_program_address rather than create_program_address with an attacker-supplied bump.

svmpda-validationaccount-validation
Read More
ZKRemediation

Cairo External Without Validation Remediation

Maintained by Sigvex TeamReviewed

How to add caller and input validation to external, state-mutating Cairo functions so they no longer trust arbitrary caller-supplied data.

cross-runtimeaccess-control
Read More
EVMExploit

Centralization Risks Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates centralization risk findings by classifying the specific privilege type and documenting the trust assumptions and attack scenarios enabled by single-owner control.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Centralization Risks Remediation

Maintained by Sigvex TeamReviewed

How to reduce centralization risk through timelocks, multi-signature wallets, on-chain governance, and hard-coded parameter caps that protect users from compromised or malicious admins.

evmaccess-control
Read More
SolanaRemediation

Clock Account Spoofing Remediation

Maintained by Sigvex TeamReviewed

How to prevent spoofed Clock sysvar accounts from manipulating time-dependent program logic.

svmaccess-control
Read More
SolanaRemediation

Clock Staleness Remediation

Maintained by Sigvex TeamReviewed

How to fix Clock sysvar usage in financial logic to prevent post-halt exploitation.

svmtime-dependency
Read More
SolanaExploit

Close Account Drain Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates close account drain vulnerabilities in Solana programs where accounts are improperly closed, allowing an attacker to steal the rent lamports or reuse the account after closure.

svmaccount-validationexploit-generator
Read More
SolanaRemediation

Close Account Drain Remediation

Maintained by Sigvex TeamReviewed

How to safely close Solana accounts by zeroing data, verifying authority, and using the account-validation framework's close constraint to prevent rent lamport theft.

svmaccess-control
Read More
SolanaRemediation

Compute Budget Accounting Remediation

Maintained by Sigvex TeamReviewed

How to make compute costs predictable by bounding loops, batching with cursors, and checking remaining compute units before expensive operations.

svmdenial-of-service
Read More
EVMRemediation

Conditional Storage Collision Remediation

Maintained by Sigvex TeamReviewed

How to prevent path-dependent storage slot collisions between a proxy and its implementation by anchoring administrative state in standard EIP-1967 slots.

evmstorage-collisionproxy-pattern
Read More
ZKRemediation

Constraint Degree Overflow Remediation

Maintained by Sigvex TeamReviewed

How to fix constraints that exceed the R1CS quadratic degree limit by decomposing into intermediate signals.

zkconstraint-validity
Read More
SolanaRemediation

CPI Authority Downgrade Remediation

Maintained by Sigvex TeamReviewed

How to prevent privileged accounts from being delegated to unvalidated programs via cross-program invocations.

svmcpi-authority-downgrade
Read More
SolanaRemediation

CPI Cycle Remediation

Maintained by Sigvex TeamReviewed

How to fix circular CPI patterns that cause infinite loops or depth limit failures.

svmaccess-control
Read More
SolanaRemediation

CPI Data Tampering Remediation

Maintained by Sigvex TeamReviewed

How to fix CPI calls with unvalidated instruction data from untrusted sources.

svmaccess-control
Read More
SolanaRemediation

CPI in Loop DOS Remediation

Maintained by Sigvex TeamReviewed

How to fix CPI calls inside loops that can exhaust compute budget.

svmaccess-control
Read More
SolanaExploit

CPI Reentrancy Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates Cross-Program Invocation (CPI) reentrancy vulnerabilities in Solana programs by simulating a malicious program that re-enters the victim program during a CPI callback before state is updated.

svmreentrancyarbitrary-cpiexploit-generator
Read More
SolanaRemediation

CPI Reentrancy Remediation

Maintained by Sigvex TeamReviewed

How to prevent Cross-Program Invocation reentrancy by applying the check-effects-interactions pattern and using CPI guards in Solana programs.

svmarbitrary-cpiaccess-control
Read More
SolanaRemediation

CPI Signer Simulation Remediation

Maintained by Sigvex TeamReviewed

How to prevent false signer claims in cross-program invocations by validating signer status before CPI calls.

svmcpi-signer-simulation
Read More
SolanaRemediation

Critical Truncation Remediation

Maintained by Sigvex TeamReviewed

How to fix integer truncation in lamport transfers, account storage, and access control.

svminteger-overflow
Read More
EVMExploit

Cross-Chain Balance Inconsistency Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates cross-chain bridge balance inconsistency vulnerabilities including replay attacks, non-atomic operations, weak proof verification, and finality exploits that allow token supply inflation on the destination chain.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Cross-Chain Balance Inconsistency Remediation

Maintained by Sigvex TeamReviewed

How to eliminate cross-chain bridge balance vulnerabilities by implementing proof deduplication, deep finality requirements, Merkle proof verification, and the lock-and-mint pattern.

evmaccess-control
Read More
EVMExploit

Cross-Chain Oracle Inconsistency Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates cross-chain oracle inconsistency vulnerabilities including L2 sequencer downtime, oracle price lag between chains, and missing the off-chain aggregator sequencer uptime feed checks.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

Cross-Chain Oracle Inconsistency Remediation

Maintained by Sigvex TeamReviewed

How to eliminate cross-chain oracle vulnerabilities by adding L2 sequencer uptime checks, grace period enforcement, and cross-source price deviation validation before reading any off-chain aggregated price feed on L2 networks.

evmoracle-manipulation
Read More
EVMExploit

Cross-Function Reentrancy Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates cross-function reentrancy vulnerabilities where shared state is inconsistent across multiple functions during an external call.

evmreentrancyexploit-generator
Read More
EVMRemediation

Cross-Function Reentrancy Remediation

Maintained by Sigvex TeamReviewed

How to prevent cross-function reentrancy by applying the Checks-Effects-Interactions pattern and reentrancy guards to all functions sharing the same state.

evmreentrancy
Read More
SolanaRemediation

Cross-Program Reinit Remediation

Maintained by Sigvex TeamReviewed

How to prevent account re-initialization through cross-program sequences by re-validating discriminators, owners, and version fields after every CPI.

svmaccount-validation
Read More
SolanaRemediation

Cross-Program State Remediation

Maintained by Sigvex TeamReviewed

How to fix stale account state after cross-program invocations by reloading accounts and re-checking invariants before use.

svmaccount-validation
Read More
EVMExploit

Default Visibility Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates default visibility vulnerabilities in Solidity contracts where missing visibility modifiers default to public, exposing sensitive initialization and admin functions.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Default Visibility Remediation

Maintained by Sigvex TeamReviewed

How to eliminate default visibility vulnerabilities by always specifying explicit visibility modifiers on all functions and state variables, and upgrading to Solidity 0.5.0+ which enforces this at compile time.

evmaccess-control
Read More
SolanaRemediation

DeFi Reentrancy Remediation

Maintained by Sigvex TeamReviewed

How to prevent DeFi reentrancy by following the checks-effects-interactions pattern in vault, lending, and staking operations.

svmdefi-reentrancy
Read More
EVMExploit

Delegatecall Injection Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates unvalidated delegatecall targets by passing attacker-controlled contract addresses and checking for storage slot mutations.

evmaccess-controlproxy-patternexploit-generator
Read More
EVMRemediation

Delegatecall Remediation

Maintained by Sigvex TeamReviewed

How to safely use delegatecall in proxy patterns by validating the target address and using EIP-1967 storage slots to prevent storage collisions.

evmaccess-controlproxy-pattern
Read More
EVMExploit

Denial of Service Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates DoS vulnerabilities by simulating unbounded loop execution and external call blocking scenarios to confirm contracts can be permanently disabled.

evmdenial-of-serviceexploit-generator
Read More
EVMRemediation

Denial of Service Remediation

Maintained by Sigvex TeamReviewed

How to eliminate denial-of-service vulnerabilities by replacing push-based ETH distribution with pull withdrawal patterns and adding maximum batch sizes and pagination to prevent unbounded loop gas exhaustion.

evmdenial-of-service
Read More
EVMRemediation

Denial of Service Remediation

Maintained by Sigvex TeamReviewed

How to prevent DoS vulnerabilities in Solidity by replacing push-payment patterns with pull payments and bounding loop iterations.

evmdenial-of-service
Read More
SolanaExploit

Deserialization Attack Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates unsafe deserialization vulnerabilities in Solana programs where crafted account data causes incorrect state interpretation, type confusion, or panic in the deserialization layer.

svmaccount-validationexploit-generator
Read More
SolanaRemediation

Deserialization Attack Remediation

Maintained by Sigvex TeamReviewed

How to safely deserialize Solana account data by validating discriminators, checking program ownership, and using the account-validation framework's typed account system.

svmtype-cosplayaccount-validation
Read More
EVMRemediation

Diamond Collision Remediation

Maintained by Sigvex TeamReviewed

How to prevent storage slot collisions between facets in an EIP-2535 diamond by giving each facet its own namespaced storage struct.

evmstorage-collisionproxy-pattern
Read More
SolanaRemediation

Division by Zero Remediation

Maintained by Sigvex TeamReviewed

How to fix division operations where the divisor may be zero, preventing panics and DoS.

svminteger-overflow
Read More
ZKRemediation

Division by Zero Remediation

Maintained by Sigvex TeamReviewed

How to prevent division-by-zero risks in ZK circuits by adding non-zero constraints on divisor signals.

zkcritical
Read More
SolanaRemediation

Duplicate Mutable Accounts Remediation

Maintained by Sigvex TeamReviewed

How to prevent duplicate mutable account aliasing in Solana programs by adding key equality constraints and explicit address comparisons.

svmaccount-validation
Read More
SolanaRemediation

Emergency Pause Remediation

Maintained by Sigvex TeamReviewed

How to fix missing or vulnerable emergency pause mechanisms in Solana programs.

svmaccess-control
Read More
EVMRemediation

Empty Code Detection Remediation

Maintained by Sigvex TeamReviewed

How to stop a low-level call to a codeless address from silently succeeding, so a contract never records an interaction that never happened.

evmunchecked-return
Read More
EVMRemediation

ERC-1155 Standard Violations Remediation

Maintained by Sigvex TeamReviewed

Validate batch array lengths, invoke receiver callbacks, and declare ERC-165 support to make multi-token contracts standard-compliant.

evm
Read More
EVMExploit

ERC20 Violations Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates ERC20 standard violations by simulating non-standard token behaviors including missing return values, fee-on-transfer tokens, and rebase tokens.

evmunchecked-returnexploit-generator
Read More
EVMRemediation

ERC20 Violations Remediation

Maintained by Sigvex TeamReviewed

How to eliminate ERC20 integration vulnerabilities by using SafeERC20 for all token operations, measuring actual received amounts for fee-on-transfer tokens, and handling non-standard token behaviors such as missing return values and rebase mechanics.

evmunchecked-return
Read More
EVMRemediation

Ether Balance Assumption Remediation

Maintained by Sigvex TeamReviewed

Track deposits with internal accounting instead of relying on address(this).balance, which can be inflated by forced ETH.

evmdenial-of-service
Read More
EVMExploit

EVM Contract Fuzzing Framework

Maintained by Sigvex TeamReviewed

Sigvex coverage-guided EVM fuzzing framework with ABI-aware input generation, property-based invariant checking, symbolic execution, multi-contract execution, and transaction sequence fuzzing.

evmexploit-generator
Read More
EVMRemediation

EXTCODESIZE Bypass Remediation

Maintained by Sigvex TeamReviewed

Why code-size checks do not reliably distinguish EOAs from contracts, and what to do instead when a function must be restricted to externally owned accounts.

evmaccess-control
Read More
EVMRemediation

Fee-on-Transfer Remediation

Maintained by Sigvex TeamReviewed

Measure the actual received balance after transferFrom instead of trusting the requested amount.

evm
Read More
ZKRemediation

Feedback Loop Remediation

Maintained by Sigvex TeamReviewed

How to fix circular signal dependencies that create unsatisfiable or ambiguous constraint systems.

zkconstraint-validity
Read More
ZKRemediation

Field Overflow Remediation

Maintained by Sigvex TeamReviewed

How to prevent field overflow in ZK circuit arithmetic by adding range constraints on signals before operations.

zkinteger-overflow
Read More
EVMRemediation

Flash Loan Attack Vector Remediation

Maintained by Sigvex TeamReviewed

How to eliminate flash loan attack surfaces by replacing manipulable spot prices with time-weighted average prices and adding sanity bounds on price inputs.

evmflash-loanoracle-manipulation
Read More
EVMExploit

Flash Loan Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates flash loan vulnerabilities by comparing contract execution under normal vs. temporarily-inflated balance conditions.

evmflash-loanexploit-generator
Read More
SolanaRemediation

Flash Loan Validation Remediation

Maintained by Sigvex TeamReviewed

How to enforce flash loan repayment validation to prevent borrowers from defaulting on loans.

svmflash-loan-validation
Read More
EVMRemediation

Floating Pragma Remediation

Maintained by Sigvex TeamReviewed

Pin the Solidity compiler version so deployed bytecode matches what was reviewed.

evm
Read More
EVMExploit

Front-Running and MEV Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates transaction ordering vulnerabilities by simulating how different gas prices and transaction sequences affect contract outcomes.

evmfront-runningexploit-generator
Read More
EVMRemediation

Front-Running Remediation

Maintained by Sigvex TeamReviewed

How to reduce front-running exposure through commit-reveal schemes, slippage protection, and transaction batching.

evmfront-running
Read More
EVMRemediation

Gas Griefing Remediation

Maintained by Sigvex TeamReviewed

Reserve a gas minimum, forward a bounded amount, and require inner call success so callers cannot starve nested calls.

evmdenial-of-service
Read More
EVMRemediation

Gas Optimization Remediation

Maintained by Sigvex TeamReviewed

Cache repeated storage reads, pack adjacent variables, and use calldata to cut gas without changing semantics.

evmgas-optimization
Read More
EVMExploit

Governance Attack Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates DAO governance vulnerabilities by simulating flash loan vote acquisition, insufficient quorum scenarios, and timelock bypass.

evmaccess-controlflash-loanexploit-generator
Read More
EVMRemediation

Governance Attack Remediation

Maintained by Sigvex TeamReviewed

How to protect DAO governance systems against flash loan vote acquisition, low quorum exploitation, and timelock bypass using voting snapshots, mandatory delays, and flash loan-resistant token designs.

evmaccess-controlflash-loan
Read More
EVMRemediation

Hardcoded Gas Values Remediation

Maintained by Sigvex TeamReviewed

Forward available gas with call instead of relying on fixed stipends that break across hard forks and L2s.

evmgas-optimization
Read More
EVMRemediation

Hash Collision Remediation

Maintained by Sigvex TeamReviewed

Use abi.encode instead of abi.encodePacked when hashing multiple dynamic arguments to prevent collisions.

evmaccess-control
Read More
SolanaRemediation

Hash Collision Remediation

Maintained by Sigvex TeamReviewed

How to fix hash collision vulnerabilities caused by truncation, weak algorithms, or small inputs.

svmaccess-control
Read More
EVMRemediation

Incorrect Constructor Remediation

Maintained by Sigvex TeamReviewed

How to ensure initialization code runs once at deployment and cannot be re-invoked, using the constructor keyword or a guarded initializer.

evmaccess-control
Read More
EVMRemediation

Incorrect Exponent Remediation

Maintained by Sigvex TeamReviewed

Replace the XOR operator with exponentiation or scientific notation in scaling calculations.

evminteger-overflow
Read More
EVMRemediation

Inheritance Order Remediation

Maintained by Sigvex TeamReviewed

Order base contracts from most general to most derived so C3 linearization resolves overrides as intended.

evm
Read More
EVMRemediation

Input Validation Remediation

Maintained by Sigvex TeamReviewed

How to properly validate user-supplied inputs in smart contracts to prevent arbitrary fund routing, unbounded operations, and zero-address vulnerabilities.

evmaccess-controlcritical
Read More
EVMExploit

Integer Overflow Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates unchecked arithmetic vulnerabilities by supplying maximum uint256 values and checking whether the execution reverts.

evminteger-overflowexploit-generator
Read More
EVMRemediation

Integer Overflow Remediation

Maintained by Sigvex TeamReviewed

How to eliminate integer overflow and underflow vulnerabilities in Solidity by using Solidity 0.8+ checked arithmetic and safe unchecked block practices.

evminteger-overflow
Read More
SolanaRemediation

Integer Overflow Remediation (SVM)

Maintained by Sigvex TeamReviewed

How to prevent integer overflow and underflow in Solana programs by using checked arithmetic methods and the account-validation framework checked_math! macro.

svminteger-overflow
Read More
SolanaExploit

Lamport Drain Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates lamport drain vulnerabilities in Solana programs by simulating an attack that drains all lamports from an account the program fails to adequately protect, with impact reported as potential SOL loss.

svmaccount-validationexploit-generator
Read More
SolanaRemediation

Lamport Drain Remediation

Maintained by Sigvex TeamReviewed

How to prevent unauthorized SOL transfers by validating signer authorization and stored authority before any lamport modification.

svmaccess-control
Read More
SolanaRemediation

Lamport Underflow Remediation

Maintained by Sigvex TeamReviewed

How to fix lamport transfers that may exceed available balance or violate rent-exempt minimums.

svminteger-overflow
Read More
EVMRemediation

Locked Ether Remediation

Maintained by Sigvex TeamReviewed

Add an access-controlled withdrawal path to contracts that accept ETH, or remove payability the contract does not need.

evm
Read More
SolanaRemediation

Mint Authority Abuse Remediation

Maintained by Sigvex TeamReviewed

How to validate mint authority before token minting operations to prevent unauthorized supply inflation.

svmmint-authority-abuse
Read More
SolanaRemediation

Missing Owner Check Remediation

Maintained by Sigvex TeamReviewed

How to add proper account ownership validation in Solana programs to prevent unauthorized access via accounts owned by other programs.

svmaccount-validationaccess-control
Read More
ZKRemediation

Missing Range Check Remediation

Maintained by Sigvex TeamReviewed

How to fix missing range constraints on signals used in size-sensitive operations.

zkunder-constrained
Read More
SolanaExploit

Missing Rent Check Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates missing rent-exempt check vulnerabilities in Solana programs where accounts with insufficient lamport balances may be garbage-collected by the runtime, causing unexpected program failures.

svmaccount-validationexploit-generator
Read More
SolanaRemediation

Missing Rent Check Remediation

Maintained by Sigvex TeamReviewed

How to verify rent exemption when creating or modifying Solana accounts to prevent garbage collection of program-owned accounts.

svmaccount-validation
Read More
SolanaExploit

Missing Signer Check Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates missing signer check vulnerabilities in Solana programs by simulating instruction execution without required signatures, confirming unauthorized access to protected program logic.

svmmissing-signer-checkexploit-generator
Read More
SolanaRemediation

Missing Signer Check Remediation

Maintained by Sigvex TeamReviewed

How to add proper signer verification before privileged operations in Solana programs using both native and Anchor approaches.

svmmissing-signer-checkaccess-control
Read More
SolanaRemediation

Missing Writable Check Remediation

Maintained by Sigvex TeamReviewed

How to add is_writable validation before account modifications in Solana native programs and use the account-validation framework's #[account(mut)] constraint.

svmaccount-validation
Read More
SolanaRemediation

Multi-Hop CPI Remediation

Maintained by Sigvex TeamReviewed

How to secure multi-hop CPI chains by validating program IDs at every hop, re-validating state between calls, and staying clear of the invocation depth limit.

svmarbitrary-cpi
Read More
SolanaRemediation

Multi-Sig Validation Remediation

Maintained by Sigvex TeamReviewed

How to fix multi-signature validation weaknesses including thresholds, replay protection, and signer verification.

svmaccess-control
Read More
ZKRemediation

Noir Circuit Vulnerabilities Remediation

Maintained by Sigvex TeamReviewed

How to fix Noir-specific vulnerabilities including unconstrained function misuse, oracle manipulation, and Brillig escapes.

zkunder-constrainedaccess-control
Read More
ZKRemediation

Nondeterministic Conditional Remediation

Maintained by Sigvex TeamReviewed

How to replace if/else logic in unconstrained assignments with constrained multiplexer selection so the proof enforces the branch choice.

zkunder-constrained
Read More
EVMExploit

Oracle Failure Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates oracle failure vulnerabilities by testing contract behavior when price feeds return zero, extreme, or unavailable values.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

Oracle Failure Remediation

Maintained by Sigvex TeamReviewed

How to harden contracts against oracle failure modes — zero prices, extreme values, and feed unavailability — using input validation, bounds checking, fallback oracles, and circuit breakers.

evmoracle-manipulation
Read More
EVMExploit

Oracle Manipulation Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates spot-price oracle manipulation by comparing contract execution under normal vs. artificially imbalanced DEX reserve configurations.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

Oracle Manipulation Remediation

Maintained by Sigvex TeamReviewed

How to eliminate oracle manipulation vulnerabilities by replacing spot prices with time-weighted averages and using decentralized oracle networks.

evmoracle-manipulation
Read More
SolanaRemediation

Oracle Manipulation Remediation (Solana)

Maintained by Sigvex TeamReviewed

How to defend Solana DeFi programs against oracle price manipulation through account ownership verification, staleness checks, confidence interval validation, and multi-oracle aggregation.

svmstatic-analysisdata-flow
Read More
EVMRemediation

Outdated Compiler Remediation

Maintained by Sigvex TeamReviewed

Upgrade to a current pinned Solidity release and verify your build settings do not trigger known compiler advisories.

evm
Read More
SolanaExploit

PDA Manipulation Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates PDA (Program Derived Address) manipulation vulnerabilities in Solana programs by simulating an attack that passes a fake PDA to bypass program authority validation.

svmpda-validationexploit-generator
Read More
SolanaRemediation

PDA Manipulation Remediation

Maintained by Sigvex TeamReviewed

How to prevent PDA substitution attacks by using canonical bumps, storing bump seeds, and verifying PDA derivation with the account-validation framework's seeds constraint.

svmpda-validation
Read More
SolanaRemediation

PDA Seed Collision Remediation

Maintained by Sigvex TeamReviewed

How to prevent PDA seed collisions that allow distinct logical accounts to resolve to the same address.

svmpda-validation
Read More
SolanaRemediation

PDA Signer Seed Extraction Remediation

Maintained by Sigvex TeamReviewed

How to protect PDA signer seeds from extraction by using domain separation and program-controlled seed components.

svmpda-signer-seed-extraction
Read More
SolanaRemediation

PDA Validation Remediation

Maintained by Sigvex TeamReviewed

How to fix missing PDA address validation that allows attackers to substitute attacker-controlled accounts.

svmpda-validation
Read More
EVMRemediation

Precision Errors Remediation

Maintained by Sigvex TeamReviewed

How to eliminate precision loss in Solidity financial calculations by reordering operations, using scaling factors, and applying explicit rounding direction.

evminteger-overflow
Read More
SolanaRemediation

Precision Errors Remediation

Maintained by Sigvex TeamReviewed

How to fix precision loss and rounding errors in DeFi calculations.

svminteger-overflow
Read More
EVMExploit

Price Deviation Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates price deviation vulnerabilities by submitting extreme price updates (10x increase, 90% crash) and confirming whether the contract accepts them without bounds checking.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

Price Deviation Remediation

Maintained by Sigvex TeamReviewed

How to protect protocols from extreme price movements and flash loan manipulation using deviation bounds, TWAP comparison, circuit breakers, and absolute price range constraints.

evmoracle-manipulation
Read More
ZKRemediation

Private Input Unchecked Remediation

Maintained by Sigvex TeamReviewed

How to fix unchecked private inputs in Noir by adding assertions that constrain witness values.

zkprivate-input-unchecked
Read More
EVMExploit

Read-Only Reentrancy Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates read-only reentrancy vulnerabilities where view functions return stale state during an external call, misleading dependent protocols.

evmreentrancyexploit-generator
Read More
EVMExploit

Reentrancy Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates reentrancy vulnerabilities by simulating recursive drain attacks against withdraw-pattern functions.

evmreentrancyexploit-generator
Read More
EVMRemediation

Reentrancy Remediation

Maintained by Sigvex TeamReviewed

How to eliminate reentrancy vulnerabilities by applying the Checks-Effects-Interactions pattern and using reentrancy guards.

evmreentrancy
Read More
SolanaRemediation

Remediating Account Alias Attacks

Maintained by Sigvex TeamReviewed

How to prevent account role confusion by explicitly validating that accounts in distinct roles have distinct addresses.

svmaccount-validationaccess-control
Read More
EVMRemediation

Remediating Atomic State Update Violations

Maintained by Sigvex TeamReviewed

How to ensure multi-step state updates maintain invariant consistency using intermediate checks, reentrancy guards, and explicit state machine patterns.

evmlogic-error
Read More
SolanaRemediation

Remediating Authority Chain Validation

Maintained by Sigvex TeamReviewed

How to ensure that delegated PDA signing authority is verified at each hop in a multi-step CPI chain, preventing intermediate programs from abusing implicitly inherited authority.

svmaccess-controlcontrol-flow
Read More
EVMRemediation

Remediating Bridge Security Vulnerabilities

Maintained by Sigvex TeamReviewed

How to protect cross-chain bridge implementations against missing message verification, replay attacks, unauthorized relay, and protocol-specific a cross-chain messaging protocol, Axelar, and Hyperlane integration errors.

evmaccess-controlcontrol-flow
Read More
EVMRemediation

Remediating Business Logic Errors

Maintained by Sigvex TeamReviewed

How to identify and fix business logic errors by enforcing protocol invariants, correctly ordering state updates, and validating edge cases.

evmaccess-controldata-flow
Read More
SolanaRemediation

Remediating CPI Program ID Validation

Maintained by Sigvex TeamReviewed

How to ensure Cross-Program Invocations target the intended program by validating program account keys before invocation.

svmaccess-controldata-flow
Read More
EVMRemediation

Remediating Decimal Mismatch

Maintained by Sigvex TeamReviewed

How to normalize token decimal precision before arithmetic to prevent over/under-payment vulnerabilities.

evminteger-overflow
Read More
EVMRemediation

Remediating DoS with Failed Call

Maintained by Sigvex TeamReviewed

How to prevent denial of service from unchecked external calls in loops using error handling, pull patterns, and try/catch.

evmdenial-of-service
Read More
EVMRemediation

Remediating Governance Attacks

Maintained by Sigvex TeamReviewed

How to protect DAO governance mechanisms against flash loan voting, timelock bypass, quorum manipulation, and treasury drain attacks.

evmaccess-controlcontrol-flow
Read More
EVMRemediation

Remediating Immutable Violation

Maintained by Sigvex TeamReviewed

How to enforce immutability of constructor-set variables using the immutable keyword and initialization guards.

evmaccess-control
Read More
EVMRemediation

Remediating Initializer Reentrancy

Maintained by Sigvex TeamReviewed

How to prevent reentrancy in proxy initializer functions by using OpenZeppelin's Initializable modifier and setting the initialization flag before external calls.

evmreentrancy
Read More
SolanaRemediation

Remediating Input Validation

Maintained by Sigvex TeamReviewed

How to validate user-controlled instruction data and account fields in Solana programs.

svmaccount-validation
Read More
EVMRemediation

Remediating Loop Gas Exhaustion

Maintained by Sigvex TeamReviewed

How to prevent DoS via block gas limit exhaustion by adding maximum iteration limits, pagination, and pull-over-push patterns.

evmdenial-of-service
Read More
EVMRemediation

Remediating Memory Expansion DoS

Maintained by Sigvex TeamReviewed

How to prevent out-of-gas denial of service by bounding memory allocation size in functions that process untrusted input.

evmdenial-of-service
Read More
EVMRemediation

Remediating Metamorphic Contract Risks

Maintained by Sigvex TeamReviewed

How to prevent code replacement attacks by removing SELFDESTRUCT from CREATE2-deployed contracts and using standard proxy patterns.

evmcode-replacement
Read More
EVMRemediation

Remediating Off-By-One Errors

Maintained by Sigvex TeamReviewed

How to fix off-by-one errors in loop boundaries by using correct comparison operators and avoiding length-1 patterns.

evmlogic-error
Read More
EVMRemediation

Remediating Read-Only Reentrancy

Maintained by Sigvex TeamReviewed

How to prevent read-only reentrancy by ensuring state is consistent before external calls and protecting price-reading functions from mid-execution observations.

evmreentrancycontrol-flow
Read More
SolanaRemediation

Remediating Remaining Accounts Injection

Maintained by Sigvex TeamReviewed

How to safely use ctx.remaining_accounts by validating account ownership, type discriminators, and writability before any privileged operations.

svmaccount-validationaccess-control
Read More
EVMRemediation

Remediating Reward and Incentive Manipulation

Maintained by Sigvex TeamReviewed

How to protect staking and yield farming contracts against flash loan pool manipulation, timestamp gaming, and division-before-multiplication precision loss.

evmoracle-manipulationdata-flow
Read More
EVMRemediation

Remediating Stale Off-Chain Price Feed

Maintained by Sigvex TeamReviewed

How to validate off-chain aggregated oracle data freshness by checking the updatedAt timestamp, answer validity, and round completeness before consuming price data.

evmoracle-manipulationdata-flow
Read More
EVMRemediation

Remediating Token Hook Reentrancy

Maintained by Sigvex TeamReviewed

How to prevent reentrancy through ERC-777, ERC-1155, and ERC-4626 callback hooks using the CEI pattern and reentrancy guards.

evmreentrancy
Read More
EVMRemediation

Remediating Uninitialized UUPS Proxy

Maintained by Sigvex TeamReviewed

How to protect UUPS proxy implementations from front-running attacks by disabling initializers on the implementation contract.

evmproxy-patternaccess-control
Read More
EVMRemediation

Remediating Vault Inflation Attacks

Maintained by Sigvex TeamReviewed

How to protect ERC-4626 vaults from first-depositor share price inflation attacks using virtual shares, dead share seeding, or minimum deposit requirements.

evminteger-overflowdata-flow
Read More
SolanaRemediation

Rent Collection Exploit Remediation

Maintained by Sigvex TeamReviewed

How to keep accounts rent-exempt through withdrawals and reallocations by computing minimum balances dynamically and enforcing them on every lamport movement.

svmdenial-of-service
Read More
EVMExploit

Requirement Violations Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates requirement violation findings by classifying the specific check failure — incorrect comparison, missing validation, assert misuse, or arithmetic overflow — and documenting the exploit path.

evmunchecked-returnexploit-generator
Read More
EVMRemediation

Requirement Violations Remediation

Maintained by Sigvex TeamReviewed

How to eliminate requirement violation vulnerabilities by correcting comparison operators, adding missing input validation guards, replacing assert with require for user-facing checks, and upgrading to Solidity 0.8.0 for built-in overflow protection.

evmaccess-control
Read More
EVMRemediation

Royalty Bypass Remediation

Maintained by Sigvex TeamReviewed

Query and enforce ERC-2981 royalty payments inside marketplace sale logic so creator revenue cannot be circumvented.

evm
Read More
EVMRemediation

RTLO Unicode Remediation

Maintained by Sigvex TeamReviewed

Reject bidirectional Unicode control characters in source and CI so code cannot be visually disguised as benign.

evm
Read More
EVMRemediation

Sandwich Attack Remediation

Maintained by Sigvex TeamReviewed

Enforce minimum-output and deadline checks on swap functions so MEV searchers cannot extract value by bracketing trades.

evmfront-running
Read More
EVMRemediation

Selfdestruct Remediation

Maintained by Sigvex TeamReviewed

How to eliminate selfdestruct vulnerabilities by replacing balance-dependent invariants with internal accounting, protecting library contracts from direct initialisation, and avoiding the SELFDESTRUCT opcode entirely.

evmdenial-of-service
Read More
EVMExploit

Selfdestruct Vulnerability Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates selfdestruct vulnerabilities including unprotected self-destruction, library-based destruction (Parity-style), and forced ETH reception.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Short Address Attack Remediation

Maintained by Sigvex TeamReviewed

Validate calldata length on token transfers so truncated addresses cannot left-shift the amount parameter.

evm
Read More
EVMRemediation

Sign Extension Overflow Remediation

Maintained by Sigvex TeamReviewed

Validate the sign of a value before casting between signed and unsigned integer types so negative values cannot become huge positives.

evminteger-overflow
Read More
ZKRemediation

Signal Aliasing Remediation

Maintained by Sigvex TeamReviewed

How to fix redundant equality constraints that create aliases without adding security.

zkunder-constrained
Read More
ZKRemediation

Signal as Array Index Remediation

Maintained by Sigvex TeamReviewed

How to fix unconstrained signals used as array indices by using constrained multiplexer circuits.

zkunder-constrained
Read More
ZKRemediation

Signal Mutation in Loop Remediation

Maintained by Sigvex TeamReviewed

How to fix self-referential signal mutations in loops by using signal arrays with per-step constraints.

zkunder-constrained
Read More
ZKRemediation

Signal Reuse Remediation

Maintained by Sigvex TeamReviewed

How to fix signals assigned multiple times by using distinct signals or arrays for each computed value.

zkunder-constrained
Read More
EVMExploit

Signature Malleability Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates ECDSA signature malleability vulnerabilities by computing the alternative valid s value and confirming that both signatures recover to the same address.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Signature Malleability Remediation

Maintained by Sigvex TeamReviewed

How to prevent ECDSA signature malleability attacks by enforcing EIP-2 low-s values and tracking message hashes as nonces instead of signature hashes.

evmaccess-control
Read More
EVMExploit

Signature Replay Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates missing replay protection in meta-transaction and permit functions by testing same-chain, cross-chain, and cross-contract replay scenarios.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Signature Replay Remediation

Maintained by Sigvex TeamReviewed

How to prevent signature replay attacks by binding signed messages to a nonce, deadline, chain ID, and contract address using EIP-712.

evmaccess-control
Read More
SolanaRemediation

Signature Replay Remediation (SVM)

Maintained by Sigvex TeamReviewed

How to prevent signature replay in Solana programs by including a nonce and deadline in the signed message and incrementing the nonce after each successful verification.

svmaccess-control
Read More
EVMRemediation

Signature Verification Remediation

Maintained by Sigvex TeamReviewed

Verify ECDSA signatures with EIP-712 typed data, a domain separator, nonce, and a strict signer check to prevent forgery and replay.

evmaccess-control
Read More
EVMExploit

Single Oracle Dependency Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates single oracle dependency vulnerabilities by simulating primary oracle failure with no fallback, confirming protocols that halt or misbehave when the sole price source goes offline.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

Single Oracle Dependency Remediation

Maintained by Sigvex TeamReviewed

How to eliminate single oracle dependency by implementing multi-source price architectures, cross-validation, and circuit breakers that keep protocols functioning when any individual feed fails.

evmoracle-manipulation
Read More
EVMRemediation

Slippage Validation Remediation

Maintained by Sigvex TeamReviewed

How to add slippage protection to DEX swap operations by exposing minimum output parameters and bounded deadlines to callers.

evmfront-running
Read More
SolanaRemediation

SPL Governance Attack Remediation

Maintained by Sigvex TeamReviewed

How to protect governance implementations from flash governance, quorum bypass, and timelock circumvention.

svmspl-governance-attack
Read More
EVMExploit

Stale Oracle Data Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates aggregated oracle staleness vulnerabilities by executing contracts against fresh, stale (24-hour-old), and incomplete-round oracle configurations.

evmoracle-manipulationexploit-generator
Read More
EVMRemediation

Stale Oracle Data Remediation

Maintained by Sigvex TeamReviewed

How to eliminate stale off-chain price-feed vulnerabilities by validating all latestRoundData return fields, enforcing heartbeat-based freshness thresholds, and adding L2 sequencer uptime checks.

evmoracle-manipulation
Read More
EVMRemediation

Storage Collision Remediation

Maintained by Sigvex TeamReviewed

How to prevent proxy storage collisions by using EIP-1967 unstructured storage slots for all proxy administrative variables.

evmstorage-collisionproxy-pattern
Read More
SolanaExploit

SVM Program Fuzzing Framework

Maintained by Sigvex TeamReviewed

Sigvex coverage-guided Solana program fuzzing framework with instruction-aware input generation, account state fuzzing, CPI simulation, invariant checking, and crash detection for Solana-specific vulnerability classes.

svmexploit-generator
Read More
SolanaRemediation

Sysvar Account Spoofing Remediation

Maintained by Sigvex TeamReviewed

How to prevent sysvar spoofing by validating account keys or using the Sysvar::get() API.

svmsysvar-account-spoofing
Read More
ZKRemediation

Template Misuse Remediation

Maintained by Sigvex TeamReviewed

How to fix incorrect template instantiation patterns including parameter mismatches and unconstrained wiring.

zkunder-constrained
Read More
SolanaRemediation

Timelock Operations Remediation

Maintained by Sigvex TeamReviewed

How to fix missing timelock delays, timestamp validation issues, and unprotected cancellation.

svmaccess-control
Read More
EVMRemediation

Timestamp Dependence Remediation

Maintained by Sigvex TeamReviewed

How to eliminate exploitable timestamp dependence by replacing block.timestamp with block numbers, commit-reveal schemes, or off-chain randomness.

evmfront-running
Read More
EVMExploit

Timestamp Manipulation Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates block.timestamp dependency vulnerabilities by executing contracts at shifted timestamps (±900 seconds) to detect miner-manipulable randomness and time-lock bypasses.

evmfront-runningexploit-generator
Read More
EVMRemediation

Timestamp Manipulation Remediation

Maintained by Sigvex TeamReviewed

How to eliminate block.timestamp dependency vulnerabilities by replacing miner-manipulable timestamp randomness and time-locks with an off-chain verifiable random function service and block-number-based logic.

evmfront-running
Read More
EVMExploit

Timestamp-Based External Triggers Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates cross-chain timestamp coordination vulnerabilities including block time variation, clock drift between chains, and race conditions in time-sensitive cross-chain operations.

evmfront-runningexploit-generator
Read More
EVMRemediation

Timestamp-Based External Triggers Remediation

Maintained by Sigvex TeamReviewed

How to eliminate cross-chain timestamp coordination vulnerabilities by replacing exact timestamp matching with nonce-based identifiers and time-window validation that tolerates clock drift and miner manipulation.

evmfront-running
Read More
SolanaRemediation

Token-2022 CPI Guard Bypass Remediation

Maintained by Sigvex TeamReviewed

How to handle CPI-Guard-protected Token-2022 accounts so program-initiated transfers do not fail blind or record phantom movements.

svmaccess-control
Read More
SolanaRemediation

Token-2022 Immutable Owner Remediation

Maintained by Sigvex TeamReviewed

How to protect protocol token accounts from owner reassignment by initializing the Token-2022 Immutable Owner extension and verifying it on deposit.

svmaccess-control
Read More
SolanaRemediation

Token-2022 Permanent Delegate Remediation

Maintained by Sigvex TeamReviewed

How to validate the Token-2022 permanent delegate before trusting a mint, so an issuer cannot silently seize user balances.

svmaccess-control
Read More
ZKRemediation

Trivial Constraint Remediation

Maintained by Sigvex TeamReviewed

How to fix constraints that are always satisfied regardless of signal values.

zkunder-constrained
Read More
EVMExploit

tx.origin Authentication Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates tx.origin authentication vulnerabilities by simulating a phishing scenario where an intermediary contract calls the victim with the owner's tx.origin.

evmaccess-controlexploit-generator
Read More
EVMRemediation

tx.origin Authentication Remediation

Maintained by Sigvex TeamReviewed

How to eliminate tx.origin authentication vulnerabilities by replacing all tx.origin identity checks with msg.sender, which correctly identifies the immediate caller and is not vulnerable to phishing via intermediary contracts.

evmaccess-control
Read More
SolanaRemediation

Type Cosplay Remediation

Maintained by Sigvex TeamReviewed

How to prevent type cosplay attacks by validating the account discriminator before deserializing account data.

svmtype-cosplayaccount-validation
Read More
EVMRemediation

Typographical Error Remediation

Maintained by Sigvex TeamReviewed

Replace accidental assignments with the intended compound operators and add invariant tests that catch overwrite-instead-of-accumulate bugs.

evm
Read More
ZKRemediation

Unassigned Output Remediation

Maintained by Sigvex TeamReviewed

How to fix output signals that are declared but never assigned by wiring them to the circuit's computation with constraining assignments.

zkunder-constrained
Read More
SolanaRemediation

Unchecked Arithmetic Remediation

Maintained by Sigvex TeamReviewed

How to fix unchecked arithmetic operations that could silently overflow or underflow.

svminteger-overflow
Read More
EVMRemediation

Unchecked Call Remediation

Maintained by Sigvex TeamReviewed

How to safely handle external call return values in Solidity to prevent silent failures from ignored CALL, SEND, and low-level call results.

evmunchecked-return
Read More
ZKRemediation

Unchecked Component Remediation

Maintained by Sigvex TeamReviewed

How to fix component instances with disconnected inputs or outputs that do not contribute to circuit security.

zkunder-constrained
Read More
EVMExploit

Unchecked ERC20 Operations Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates unsafe ERC20 token operations by simulating standard, USDT-like, and malicious token interactions to detect missing return value checks.

evmunchecked-returnexploit-generator
Read More
EVMRemediation

Unchecked ERC20 Operations Remediation

Maintained by Sigvex TeamReviewed

How to safely handle ERC20 token transfers by using SafeERC20.safeTransfer, accounting for fee-on-transfer tokens, and avoiding the token approve-transferFrom race condition.

evmunchecked-return
Read More
EVMExploit

Unchecked External Call Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates unchecked call return values by sending ETH to a contract that always reverts and checking whether the victim's state updates regardless.

evmunchecked-returnexploit-generator
Read More
SolanaRemediation

Unchecked Fee/Rent Math Remediation

Maintained by Sigvex TeamReviewed

How to use checked arithmetic in fee and rent calculations to prevent overflow and underflow exploits.

svmunchecked-fee-rent-math
Read More
EVMRemediation

Unchecked Subtraction Remediation

Maintained by Sigvex TeamReviewed

How to prevent integer underflow in Solidity by using Solidity 0.8+ default arithmetic, adding explicit balance checks before subtraction, and using SafeMath in legacy contracts.

evminteger-overflow
Read More
ZKRemediation

Unconnected Component Inputs Remediation

Maintained by Sigvex TeamReviewed

How to fix unconnected component inputs by wiring all sub-circuit inputs to parent signals using constraining assignments.

zkunconnected-component
Read More
ZKRemediation

Unconstrained Output Remediation

Maintained by Sigvex TeamReviewed

How to fix unconstrained output signals by adding constraining assignments or explicit constraints.

zkunconstrained-output
Read More
ZKRemediation

Unconstrained Public Input Remediation

Maintained by Sigvex TeamReviewed

How to fix unconstrained public inputs by adding constraints that bind them to the circuit's computation.

zkunconstrained-public-input
Read More
EVMExploit

Uninitialized Storage Pointer Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates uninitialized storage pointer vulnerabilities by checking whether uninitialized struct or array pointers overwrite critical storage slots including owner and balance variables.

evmstorage-collisionexploit-generator
Read More
EVMRemediation

Uninitialized Storage Pointer Remediation

Maintained by Sigvex TeamReviewed

How to eliminate uninitialized storage pointer vulnerabilities by upgrading to Solidity 0.5.0+ and always assigning storage references to explicit mapping or array slots.

evmstorage-collision
Read More
ZKRemediation

Unsafe Comparison Remediation

Maintained by Sigvex TeamReviewed

How to fix comparison operators in unconstrained assignments by using constrained circomlib comparator components.

zkunder-constrained
Read More
EVMRemediation

Unsafe Delegatecall Remediation

Maintained by Sigvex TeamReviewed

How to prevent contract takeover via delegatecall by fixing the target address to a trusted, immutable implementation instead of accepting it from callers or unguarded storage.

evmaccess-control
Read More
EVMRemediation

Unused Variables Remediation

Maintained by Sigvex TeamReviewed

Remove dead state variables or wire them into the logic they were meant to feed, and confirm off-chain consumers before deleting public state.

evm
Read More
EVMExploit

Validator/Relayer Compromise Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates bridge validator and relayer compromise vulnerabilities including low M-of-N thresholds, key management failures, centralized relayers, and missing validator rotation — with the Ronin Bridge ($625M) as the canonical attack scenario.

evmaccess-controlexploit-generator
Read More
EVMRemediation

Validator/Relayer Compromise Remediation

Maintained by Sigvex TeamReviewed

How to harden bridge validator and relayer infrastructure against compromise through high consensus thresholds, hardware key management, validator diversity, rotation schedules, and fraud proof challenge windows.

evmaccess-control
Read More
EVMRemediation

Variable Shadowing Remediation

Maintained by Sigvex TeamReviewed

Remove duplicate variable declarations that hide parent-contract or outer-scope state so reads and writes target the intended slot.

evm
Read More
SolanaRemediation

Vault Manipulation Remediation

Maintained by Sigvex TeamReviewed

How to protect DeFi vault state from unauthorized modifications through access control and invariant enforcement.

svmvault-manipulation
Read More
EVMExploit

Weak Randomness Exploit Generator

Maintained by Sigvex TeamReviewed

Sigvex exploit generator that validates randomness vulnerabilities by testing whether contract outcomes change predictably with controlled block environment variables.

evmfront-runningexploit-generator
Read More
EVMRemediation

Weak Randomness Remediation

Maintained by Sigvex TeamReviewed

How to replace predictable on-chain entropy sources with verifiable off-chain randomness from an off-chain verifiable random function service or commit-reveal schemes.

evmaccess-control
Read More
SolanaRemediation

Weak Randomness Remediation (Solana)

Maintained by Sigvex TeamReviewed

How to eliminate weak randomness vulnerabilities in Solana programs by replacing predictable on-chain entropy sources with Verifiable Random Functions (VRF) or commit-reveal schemes.

svmstatic-analysis
Read More
ZKRemediation

Witness Complexity Remediation

Maintained by Sigvex TeamReviewed

How to fix complex unconstrained witness computations by decomposing into simpler steps with per-step constraints.

zkunder-constrained
Read More