Smart Contract Security Glossary

Definitions, examples, and audit checks for Solidity, EVM, and DeFi security terms.

DeFi

Flash Loan Attack

A flash loan attack uses same-transaction borrowing to amplify an existing DeFi vulnerability, usually in pricing, collateral, governance, or accounting.

Oracle Manipulation

Oracle manipulation occurs when an attacker distorts a data source that a smart contract trusts, causing the contract to make decisions from unsafe data.

Price Manipulation

Price manipulation is the intentional movement of an asset, pool, share, or collateral price so a protocol values assets incorrectly.

Front-Running

Front-running is a transaction-ordering attack where an attacker observes a pending transaction and submits their own transaction so it executes first.

Sandwich Attack

A sandwich attack is a front-running pattern where an attacker places one transaction before and one after a victim trade to profit from the victim's price impact.

MEV

MEV, or maximal extractable value, is value that can be extracted from transaction inclusion, exclusion, or ordering beyond normal block rewards and fees.

Slippage

Slippage is the difference between the expected trade price and the actual execution price, often caused by liquidity, volatility, or transaction ordering.

ERC-20 Approval Race Condition

The ERC-20 approval race condition is a token allowance issue where a spender can use an old allowance before a new allowance change takes effect.

TWAP Oracle

A TWAP oracle reports a time-weighted average price over a chosen window instead of relying on a single spot price.

Liquidation

Liquidation is a protocol action that repays or closes an undercollateralized borrow position and transfers collateral according to the protocol's rules.

Health Factor

A health factor is a lending-risk metric that compares a borrower's adjusted collateral value against their debt.

Precision Loss

Precision loss happens when integer arithmetic drops fractional value during division, scaling, or fixed-point conversions.

Rounding Error

A rounding error is the difference between the mathematically exact result and the integer-rounded result returned by smart contract math.

Fee-on-Transfer Token

A fee-on-transfer token deducts a fee during transfer, so the recipient receives less than the amount requested by the sender.

Rebasing Token

A rebasing token changes account balances automatically when supply is adjusted, without requiring each holder to send or receive a normal transfer.