
OWASP Top 10 for Web3: Smart Contract Security Risks Every DeFi Builder Must Know

12 min read · NanoLab Security Research

The OWASP Top 10 has been the security community's shared reference point for web application vulnerabilities since 2003. Web3 needs its own version. Smart contracts and DeFi protocols are attacked differently than traditional web apps — the threat model is adversarial from day one, the code is public and immutable, and a single exploit can drain nine figures in minutes with no recourse.

This guide covers the ten most critical vulnerability categories facing smart contract developers and DeFi protocol builders in 2026. For each risk, we include a brief technical description, a real-world exploit that illustrates the consequences, and actionable mitigations you can apply today. Bookmark this. Share it with your team before your next deployment.

01. Reentrancy Attacks (Severity: Critical)

What it is

A reentrancy attack occurs when an external contract call is made before the calling contract has updated its internal state. The called contract can recursively re-enter the caller, draining funds before any balance checks take effect. This remains the most well-known vulnerability in Solidity because it directly violates the mental model most developers have about sequential execution.

Real-world exploit

The 2016 DAO hack — the exploit that triggered Ethereum's hard fork — drained roughly $60 million by recursively calling a withdrawal function before balances were zeroed. More recently, Cream Finance lost $18.8 million in October 2021 via a reentrancy path in their AMP token integration. Both cases shared the same root cause: state mutations happening after external calls.

Mitigation

Apply the Checks-Effects-Interactions (CEI) pattern rigorously: validate inputs, update state, then make external calls — in that order. Add the nonReentrant modifier from OpenZeppelin's ReentrancyGuard to any function that transfers value or interacts with arbitrary external addresses.

02. Flash Loan Attacks (Severity: Critical)

What it is

Flash loans allow borrowing unlimited, uncollateralized capital within a single transaction — as long as the loan is repaid before that same transaction ends. Attackers use this to temporarily amass enormous buying power, manipulate on-chain price feeds or AMM pools, drain lending protocols, and repay the loan, all in one atomic operation. The capital requirement for the attack is near zero.

Real-world exploit

In February 2020, bZx suffered two back-to-back flash loan exploits totaling over $1 million. The attacker borrowed ETH via dYdX, used it to manipulate Uniswap's ETH/WBTC price, then borrowed disproportionate assets from bZx whose collateral was priced using that manipulated feed. Harvest Finance lost $34 million in a similar AMM manipulation attack in October 2020.

Mitigation

Never use spot prices from AMM pools as oracle inputs. Use time-weighted average prices (TWAP) from Uniswap v3 or Chainlink. Implement circuit breakers that revert if an asset price moves more than N% in a single block, and consider minimum block-lag requirements for sensitive operations.

03. Access Control Failures (Severity: Critical)

What it is

Privileged functions — initializers, admin setters, fund withdrawals, upgrade triggers — that lack proper authorization checks are the single most common finding in smart contract audits. Errors range from entirely missing modifiers to flawed role inheritance logic in proxy patterns. A function callable by any address that was intended for the protocol owner alone can result in total fund loss.

Real-world exploit

The Poly Network hack of August 2021 — $611 million, the largest DeFi exploit at the time — exploited a cross-chain relayer that allowed an arbitrary caller to pass a crafted message instructing the bridge to change its keeper address. Uranium Finance lost $50 million in April 2021 because a migration contract had a public function that should have been owner-only.

Mitigation

Use OpenZeppelin's AccessControl or Ownable2Step with explicit role definitions. Audit every external and public function for missing modifier coverage. For multi-admin protocols, require a Gnosis Safe or similar multi-signature scheme for all privileged operations, and enforce timelocks on any call that changes contract ownership or upgrades logic.

04. Oracle Manipulation (Severity: High)

What it is

Protocols that rely on a single, manipulable price source — whether an on-chain AMM pool or a poorly secured off-chain feed — are vulnerable to price oracle manipulation. An attacker with sufficient capital (or a flash loan) can skew the reported price, borrow against artificially inflated collateral, liquidate positions at favorable rates, or drain liquidity pools that use dynamic pricing.

Real-world exploit

Mango Markets was drained of $117 million in October 2022 when an attacker self-funded positions on both sides of the MNGO/USDC perp market, pumped the oracle price by ~1,000%, and borrowed against the inflated collateral value. Inverse Finance lost approximately $15 million in April 2022 via a similar spot-oracle manipulation on a low-liquidity Curve pool.

Mitigation

Use decentralized, manipulation-resistant oracles (Chainlink, Pyth, Redstone) with TWAP or aggregated feeds. Never derive prices from single low-liquidity pools. Where feasible, add sanity-check bounds: if the reported price deviates more than a defined threshold from a secondary source, revert rather than proceeding.
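The following price-reading contract is an added example (not the article's or any vendor's code) covering the mitigations for both items 02 and 04: it rejects stale answers, cross-checks a primary feed against an independent secondary feed with a deviation bound, and reverts when the price jumps more than a threshold since the last accepted read. The AggregatorV3Interface subset matches Chainlink's published interface; the thresholds and the 1-hour heartbeat are assumed values to tune per feed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface, declared inline so this compiles stand-alone.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract GuardedPrice {
    AggregatorV3Interface public immutable primary;    // e.g. a Chainlink feed
    AggregatorV3Interface public immutable secondary;  // independent source exposing the same interface
    uint256 public constant MAX_STALENESS = 1 hours;   // assumed heartbeat bound; tune per feed
    uint256 public constant MAX_DEVIATION_BPS = 200;   // 2% disagreement allowed between the two sources
    uint256 public constant MAX_MOVE_BPS = 500;        // 5% move allowed since the last accepted price
    uint256 public lastPrice;                          // last price this contract accepted (0 = none yet)

    constructor(AggregatorV3Interface p, AggregatorV3Interface s) {
        require(p.decimals() == s.decimals(), "decimals mismatch");
        primary = p;
        secondary = s;
    }

    // Reads one feed, rejecting non-positive and stale answers.
    function _read(AggregatorV3Interface feed) internal view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "invalid answer");
        require(updatedAt + MAX_STALENESS >= block.timestamp, "stale feed");
        return uint256(answer);
    }

    function _deviationBps(uint256 a, uint256 reference) internal pure returns (uint256) {
        uint256 diff = a > reference ? a - reference : reference - a;
        return diff * 10_000 / reference;
    }

    // Reverts if the two sources disagree, or if the price moved more than
    // MAX_MOVE_BPS since the last accepted read (a per-call bound, at least as
    // strict as the per-block circuit breaker described in the text).
    function getPrice() external returns (uint256 price) {
        price = _read(primary);
        uint256 check = _read(secondary);
        require(_deviationBps(price, check) <= MAX_DEVIATION_BPS, "feeds disagree");
        if (lastPrice != 0) {
            require(_deviationBps(price, lastPrice) <= MAX_MOVE_BPS, "circuit breaker");
        }
        lastPrice = price;
    }
}
```

A flash-loan-driven spike in one source trips either the disagreement check or the move bound, so dependent logic (borrow limits, liquidations) reverts instead of acting on the skewed value.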

05. Front-Running and MEV (Severity: High)

What it is

Maximal Extractable Value (MEV) encompasses a class of attacks where validators, searchers, or bots reorder, insert, or censor transactions in a block to extract profit. The most user-facing form is the sandwich attack: a bot spots a large pending swap, front-runs it to buy the asset, lets the victim's trade move the price, then immediately sells at the inflated rate. The victim pays excess slippage; the bot pockets the difference.

Real-world exploit

MEV sandwich bots extracted an estimated $300+ million from Ethereum users in 2022 alone, according to MEV-Explore data. The problem is structural: public mempools are fully transparent, and any pending high-value transaction is a potential target. AMMs, NFT mints, and liquidation functions are the most common targets.

Mitigation

For AMM integrations, enforce a tight slippage tolerance and allow users to set a deadline. For protocols that require secrecy before execution, use commit-reveal schemes. Route transactions through Flashbots Protect or MEV Blocker RPC endpoints to avoid the public mempool on mainnet. Avoid patterns where the profitability of a transaction is predictable from the mempool.
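An added example of the slippage-and-deadline mitigation (not code from the article or from Uniswap): a thin swap wrapper that takes both bounds from the user and rejects the common mistake of letting the contract supply its own deadline. It assumes a Uniswap V2-style router and OpenZeppelin Contracts v5 (forceApprove).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Uniswap V2-style router signature, declared inline so this compiles stand-alone.
interface IRouter {
    function swapExactTokensForTokens(uint amountIn, uint amountOutMin, address[] calldata path,
        address to, uint deadline) external returns (uint[] memory amounts);
}

contract SlippageGuardedSwap {
    using SafeERC20 for IERC20;
    IRouter public immutable router;

    constructor(IRouter r) { router = r; }

    // amountOutMin and deadline are computed by the user's client from a quote at
    // signing time. If the contract substituted block.timestamp for the deadline,
    // the check would pass whenever the transaction was mined, even hours later
    // after a sandwich moved the price; the user-supplied value is what bites.
    function swap(address tokenIn, address tokenOut, uint256 amountIn,
                  uint256 amountOutMin, uint256 deadline) external returns (uint256 out) {
        require(block.timestamp <= deadline, "expired");
        require(amountOutMin > 0, "no slippage bound");
        IERC20(tokenIn).safeTransferFrom(msg.sender, address(this), amountIn);
        IERC20(tokenIn).forceApprove(address(router), amountIn);
        address[] memory path = new address[](2);
        path[0] = tokenIn;
        path[1] = tokenOut;
        uint256[] memory amounts =
            router.swapExactTokensForTokens(amountIn, amountOutMin, path, msg.sender, deadline);
        out = amounts[amounts.length - 1];
        require(out >= amountOutMin, "slippage"); // defence in depth; the router enforces this too
    }
}
```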

06. Private Key Exposure (Severity: Critical)

What it is

Unlike traditional software, compromised credentials in Web3 can immediately and irreversibly drain every asset controlled by the compromised key. Protocol treasuries, multisig signers, validator nodes, and bridge relayers all represent high-value targets. Attackers use spear-phishing, compromised developer environments, malicious dependencies, and social engineering to extract private keys.

Real-world exploit

The Ronin Network breach of March 2022 — $625 million stolen — resulted from an attacker gaining control of five of nine validator private keys, enough to forge withdrawal transactions from the bridge. Four keys were compromised through a spear-phishing attack; the fifth was controlled by a single entity (Sky Mavis) through a legacy permission. No on-chain code had any bugs.

Mitigation

Use hardware security modules (HSMs) or hardware wallets (Ledger, Trezor) for all keys controlling significant value. Enforce multi-signature thresholds (3-of-5 minimum for large treasuries). Distribute signer responsibility across independent parties and geographies. Rotate keys after any security incident or team change. Conduct regular key ceremony audits.

07. Bridge Vulnerabilities (Severity: Critical)

What it is

Cross-chain bridges lock assets on one chain and mint equivalents on another, making them the largest honeypots in Web3 by value at risk. Bridge security depends on correct message verification, proper consensus validation, and the integrity of off-chain relayer infrastructure — a much broader attack surface than a single contract. Bridges have accounted for more than $2 billion in losses since 2021.

Real-world exploit

The Wormhole bridge lost $320 million in February 2022 when an attacker exploited a missing validation check in the Solana-side contract, creating 120,000 wETH out of thin air without locking real ETH on Ethereum. Nomad lost $190 million in August 2022 due to an initialization bug that allowed any message to pass as valid — a 'chaotic free-for-all' exploit that hundreds of copycats replicated within hours.

Mitigation

Apply formal verification to message validation logic. Require multiple independent audits before mainnet. Implement pessimistic validation: assume messages are invalid until proven valid, never the reverse. Add withdrawal rate limits and emergency pause mechanisms controlled by a multi-sig. Minimize TVL in any single bridge by distributing assets across multiple canonical solutions.

08. Rugpull Vectors (Severity: High)

What it is

Rugpull vectors are privileged contract functions that can be used — intentionally or through key compromise — to drain protocol funds, disable withdrawals, or manipulate token supply. These include unlimited minting functions, backdoor withdrawals hidden in proxy upgrades, and admin functions that can pause liquidity or override collateral ratios. Not all rugpulls are malicious; some result from a protocol being hacked through its own admin keys.

Real-world exploit

The Squid Game token project (October 2021) included an anti-dump mechanism that prevented all token sales except by the deployer wallet — not visible from the Etherscan token page. Developers sold $3.4 million in tokens while holders were unable to exit. Meerkat Finance (March 2021) 'deployed' a modified vault contract the day before launch that gave the deployer the ability to drain all deposited funds.

Mitigation

Renounce ownership of contracts that do not require ongoing admin access. Apply timelocks (48–72 hours minimum) to all privileged operations via OpenZeppelin's TimelockController. Publish and document all admin keys and their capabilities. Use upgrade proxy patterns only when necessary, and require multi-sig + timelock approval for any logic change. Consider immutable deployments for simple token contracts.

09. Gas Griefing (Severity: Medium)

What it is

Gas griefing attacks force a target contract to consume more gas than expected, or to exhaust the block gas limit, so that its transactions revert. The most common vector is forcing a contract to iterate over an unbounded array, or to forward a call to a recipient address that deliberately burns all forwarded gas in its fallback function. This can render a contract temporarily or permanently inoperable.

Real-world exploit

The 'StopTheCopycat' NFT contract (2020) used a loop over an unbounded registry to prevent copied drops; an attacker bloated the registry with thousands of entries to make the contract's primary function too expensive to call. Numerous yield farming contracts with push-payment models have been griefed by creating wallets that revert on ETH receipt, blocking reward distribution to all participants.

Mitigation

Use the pull-payment pattern: let users withdraw their own funds rather than having the contract push funds to them. Cap all loops to a maximum iteration count and implement pagination for large datasets. Use low-level call with a gas stipend when interacting with untrusted addresses, and handle failure gracefully rather than reverting the entire transaction.
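An added example (not from the article) combining the three mitigations above: rewards are credited in paginated, capped batches with no external calls in the loop, each participant pulls their own payout, and the payout uses a low-level call with a capped gas stipend whose failure is recorded rather than propagated. MAX_BATCH and CALL_GAS are assumed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Pull-payment reward distribution. A recipient whose fallback reverts or burns
// gas only affects its own withdrawal, never the distribution to everyone else.
contract PullRewards {
    mapping(address => uint256) public owed;
    address[] public participants;
    uint256 public constant MAX_BATCH = 100;   // bounds the loop cost of one credit() call
    uint256 public constant CALL_GAS = 10_000; // stipend forwarded to untrusted recipients

    function register() external {
        participants.push(msg.sender);          // growth is harmless: no function loops over it all
    }

    // Pagination: the distributor covers [start, start + count) per transaction
    // and repeats with a new start until the whole registry has been credited.
    function credit(uint256 start, uint256 count, uint256 perUser) external payable {
        require(count <= MAX_BATCH, "batch too large");
        require(msg.value == perUser * count, "wrong funding");
        uint256 end = start + count;
        require(end <= participants.length, "out of range");
        for (uint256 i = start; i < end; i++) {
            owed[participants[i]] += perUser;   // state update only, no external call in the loop
        }
    }

    // Each user pulls their own balance. CEI order: zero first, then call.
    // On failure the balance is restored and the function returns false instead
    // of reverting, so the funds stay claimable later from a different address
    // path (e.g. after the recipient fixes its fallback) without blocking anyone.
    function withdraw() external returns (bool ok) {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;
        (ok, ) = msg.sender.call{value: amount, gas: CALL_GAS}("");
        if (!ok) {
            owed[msg.sender] = amount;
        }
    }
}
```

A re-entrant call from the recipient's fallback finds owed[msg.sender] already zero and reverts, which simply surfaces as ok == false for the outer call.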

10. Uninitialized Proxies and Storage Collisions (Severity: High)

What it is

Upgradeable proxy patterns separate a contract's logic from its storage, but this architecture introduces unique risks. An uninitialized implementation contract can be self-destructed or taken over by an attacker who calls the initializer directly. Storage layout collisions between a proxy and its implementation — or between two versions of an implementation — corrupt critical state variables silently and unpredictably.

Real-world exploit

The Parity Multisig wallet hack of November 2017 — $280 million permanently frozen — occurred because a shared library contract was initialized without an owner. An attacker called the public initializer, made themselves owner, then called selfdestruct, permanently breaking every wallet that depended on that library. The Audius protocol was drained of $6 million in July 2022 via a storage collision in a proxy upgrade that allowed governance proposals to hijack the proxy admin slot.

Mitigation

Always lock implementation contracts (call the initializer in the constructor to prevent external initialization). Use EIP-1967 storage slots for proxy admin and implementation addresses to prevent collisions. Use OpenZeppelin's Initializable with the initializer modifier and track initialization versions. Validate storage layouts between upgrade versions using automated tools like slither-check-upgradeability or the Hardhat upgrades plugin.
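An added example (not the article's code) of the locking and versioning mitigations: the implementation disables its own initializers in the constructor, initialization goes through OpenZeppelin's Initializable with a tracked version, UUPS upgrades are owner-gated and use the EIP-1967 implementation slot, and the V2 layout only appends variables. It assumes OpenZeppelin Contracts Upgradeable v5, whose __Ownable_init takes the initial owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts Upgradeable v5.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

contract TokenVaultV1 is Initializable, OwnableUpgradeable, UUPSUpgradeable {
    // Storage layout: append only in later versions. Reordering, removing or
    // changing the type of these variables corrupts state behind the proxy.
    uint256 public depositCap;
    mapping(address => uint256) public deposits;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Runs only on the bare implementation, never on the proxy: nobody can
        // call initialize() on the implementation and claim ownership of it.
        _disableInitializers();
    }

    // Called once through the proxy, in the same transaction as deployment.
    function initialize(address owner_, uint256 cap) external initializer {
        __Ownable_init(owner_);
        __UUPSUpgradeable_init();
        depositCap = cap;
    }

    function deposit() external payable {
        require(deposits[msg.sender] + msg.value <= depositCap, "cap exceeded");
        deposits[msg.sender] += msg.value;
    }

    // UUPS writes the new implementation into the EIP-1967 slot; only the owner
    // (ideally a multi-sig behind a timelock) may authorize the upgrade.
    function _authorizeUpgrade(address) internal override onlyOwner {}
}

contract TokenVaultV2 is TokenVaultV1 {
    uint256 public withdrawalDelay; // appended after V1's variables, so existing slots line up

    // reinitializer(2) can run exactly once and only after version 1 completed.
    function initializeV2(uint256 delay) external reinitializer(2) {
        withdrawalDelay = delay;
    }
}
```

Run the Hardhat upgrades plugin's layout validation (or slither-check-upgradeability) against V1 and V2 before the upgrade transaction; the append-only rule is what those tools check.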

What this list does not cover

This guide focuses on smart contract-level and protocol-level vulnerabilities. It does not cover front-end phishing and wallet drainers, social engineering of team members, supply-chain attacks on npm packages, or governance capture through token accumulation — all of which have caused significant losses and deserve their own treatment.

Security is not a checklist. Each item above represents a category with dozens of variants. A thorough audit — combining automated static analysis, manual review of business logic, formal verification of critical invariants, and adversarial simulation — is the minimum bar for any protocol managing user funds.
