(Mastery Level — Security • zk • Cross-chain • Deployment)

⚔️ Day 8 – Smart Contract Security & Auditing

“Code without security is like a vault without a lock.”

🎯 Objective

• Understand common vulnerabilities in smart contracts.
• Learn to audit, test, and secure your contracts.
• Implement best practices using OpenZeppelin & Hardhat tools.

🧨 Top Vulnerabilities in Smart Contracts

1. Reentrancy Attack

Occurs when a contract calls another contract before updating its state — allowing the attacker to re-enter the function multiple times.

// ❌ Vulnerable
function withdraw(uint _amount) public {
    require(balances[msg.sender] >= _amount, "Not enough balance");
    (bool sent, ) = msg.sender.call{value: _amount}("");
    require(sent, "Failed");
    balances[msg.sender] -= _amount;
}

// ✅ Safe
function withdraw(uint _amount) public nonReentrant {
    require(balances[msg.sender] >= _amount, "Not enough balance");
    balances[msg.sender] -= _amount;
    (bool sent, ) = msg.sender.call{value: _amount}("");
    require(sent, "Failed");
}

Use ReentrancyGuard from OpenZeppelin:

import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract SafeVault is ReentrancyGuard { ... }

2. Integer Overflow / Underflow

Before Solidity 0.8, arithmetic overflow/underflow caused bugs.

In 0.8+, checks are automatic — but still use unchecked carefully for optimization.