Smart Contract Security Glossary
Definitions, examples, and audit checks for Solidity, EVM, and DeFi security terms.
Browse by topic.
All glossary terms.
Solidity (23 terms)
Checks-Effects-Interactions
Checks-Effects-Interactions is a Solidity pattern that validates inputs first, updates contract state second, and performs external calls last to reduce reentrancy risk.
Reentrancy Guard
A reentrancy guard is a lock that prevents a protected function from being entered again while it is already executing.
Proxy Initialization
Proxy initialization is the setup step that assigns initial state for an upgradeable proxy, usually through an initializer function instead of a constructor.
Integer Overflow
An integer overflow occurs when arithmetic produces a value larger than the maximum value an integer type can represent.
Upgradeable Proxy
An upgradeable proxy is a smart contract pattern where users call a stable proxy address while execution is delegated to replaceable implementation logic.
Initializer Function
An initializer is a one-time setup function used instead of a constructor when a smart contract is deployed behind an upgradeable proxy.
External Call
An external call is an interaction where one smart contract calls another address, creating a trust boundary and possible control-flow risk.
Commit-Reveal
Commit-reveal is a two-step pattern where users first submit a hidden commitment and later reveal the original value to reduce front-running.
tx.origin
tx.origin is a Solidity global variable that returns the original externally owned account that started the transaction.
Fallback Function
A fallback function is a Solidity function that runs when calldata does not match any function selector or when Ether is sent without a matching receive function.
Receive Function
A receive function is a Solidity function that runs when a contract receives plain Ether with empty calldata.
abi.encodePacked
abi.encodePacked is a Solidity encoding function that tightly packs values without the padding, offsets, and dynamic-length delimiters used by abi.encode.
Integer Underflow
Integer underflow happens when a subtraction goes below the minimum value a type can represent and wraps or reverts depending on compiler behavior.
Timelock
A timelock is a smart contract mechanism that delays execution of queued actions until a minimum waiting period has passed.
Multisig
A multisig is a wallet or account that requires approval from multiple signers before executing a transaction.
msg.sender
msg.sender is the address that directly called the current Solidity function in the current EVM call context.
ecrecover
ecrecover is Solidity's interface to the EVM precompile for recovering an Ethereum address from a secp256k1 signature over a 32-byte hash.
Merkle Proof
A Merkle proof is a list of sibling hashes used to prove that a leaf belongs to a Merkle tree with a known root.
UUPS Proxy
A UUPS proxy is an upgradeable proxy pattern where upgrade logic lives in the implementation contract instead of the proxy contract.
Transparent Proxy
A transparent proxy is an upgradeable proxy pattern where admin calls are handled by the proxy while non-admin calls are delegated to the implementation.
Diamond Proxy
A diamond proxy is an EIP-2535 upgradeable proxy pattern that routes function selectors to multiple facet contracts.
Role-Based Access Control
Role-based access control is a permission model where sensitive actions are gated by roles assigned to accounts or contracts.
Pausable
Pausable is an emergency-control pattern that lets authorized accounts temporarily disable selected contract functions.