The Top 10 Smart Contract Vulnerabilities in 2025: Lessons from Real Exploits

2025 was the worst year for smart contract exploits since 2022. Over $2 billion stolen. The Bybit hack alone accounted for $1.5 billion. But outside that outlier, the remaining $500 million came from the same handful of bug patterns that have been draining protocols for years.
None of these vulnerabilities are new. All of them are preventable. Here are the 10 patterns ranked by total value stolen in 2025, with real examples and the specific fix for each.
1. Supply Chain and UI Attacks ($1.5B+)
The Bybit hack rewrote the playbook. $1.5 billion stolen not through a smart contract bug, but through a compromised frontend that showed signers a fake transaction. The Safe multisig contract was fine. The JavaScript serving the UI was not.
Why it matters for contract developers: Your deployment scripts, governance UIs, and signing tools are part of your attack surface. A compromised npm package in your deployment toolchain can inject malicious transactions before you sign them.
Prevention: Transaction simulation with independent verification before every signing action. Hardware wallet transaction decoding. Out-of-band hash verification for high-value transactions.
2. Oracle Misconfiguration ($50M+)
Oracle bugs remained one of the highest-frequency exploit categories in 2025. The Moonwell cbETH oracle misconfiguration ($1.78M) was the most publicized, but dozens of smaller protocols lost funds to the same pattern: using an ETH-denominated exchange rate feed where a USD price was expected.
The pattern:
// Wrong: cbETH/ETH exchange rate (~1.12) used as USD price
address oracle = CBETH_ETH_FEED;
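// Right: compose cbETH/ETH * ETH/USD for actual USD price
// (dividing by 1e8 assumes ethUsdPrice carries 8 decimals; the result keeps cbethEthRate's decimals)
uint256 price = cbethEthRate * ethUsdPrice / 1e8;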
Prevention: Sanity check every oracle price against known bounds. For LSTs, assert the price is within 80-150% of ETH/USD. One assertion catches a multi-million dollar bug.
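The composition and the 80-150% bound described above, as an added example that is not code from the original post or from any protocol it names. It models the fixed-point math in Rust; the feed decimals (18 for the exchange rate, 8 for USD prices), the function names and the sample values are assumptions.

```rust
// Added example. Decimals are assumptions: the rate feed uses 18, USD feeds use 8.
const RATE_SCALE: u128 = 1_000_000_000_000_000_000; // 1e18
const MIN_PCT: u128 = 80; // lower bound from the text: 80% of ETH/USD
const MAX_PCT: u128 = 150; // upper bound from the text: 150% of ETH/USD

#[derive(Debug, PartialEq)]
pub enum OracleError {
    Overflow,
    OutOfBounds { price: u128, eth_usd: u128 },
}

/// Compose LST/ETH (18 decimals) with ETH/USD (8 decimals) into LST/USD (8 decimals).
pub fn compose_usd_price(lst_eth_rate: u128, eth_usd: u128) -> Result<u128, OracleError> {
    let product = lst_eth_rate.checked_mul(eth_usd).ok_or(OracleError::Overflow)?;
    Ok(product / RATE_SCALE)
}

/// Accept an LST/USD price only if it lies within 80-150% of ETH/USD.
pub fn check_lst_price(price: u128, eth_usd: u128) -> Result<u128, OracleError> {
    let lo = eth_usd.checked_mul(MIN_PCT).ok_or(OracleError::Overflow)? / 100;
    let hi = eth_usd.checked_mul(MAX_PCT).ok_or(OracleError::Overflow)? / 100;
    if price < lo || price > hi {
        return Err(OracleError::OutOfBounds { price, eth_usd });
    }
    Ok(price)
}

/// Misconfigured path: the ETH-denominated rate rescaled to 8 decimals and read as USD.
pub fn rate_read_as_usd(lst_eth_rate: u128) -> u128 {
    lst_eth_rate / 10_000_000_000 // 1e18 -> 1e8
}

fn main() {
    // Constructed sample values, not market data.
    let eth_usd: u128 = 300_000_000_000; // $3,000.00 at 8 decimals
    let rate: u128 = 1_120_000_000_000_000_000; // 1 cbETH = 1.12 ETH at 18 decimals

    let wrong = check_lst_price(rate_read_as_usd(rate), eth_usd);
    println!("rate used as USD price: {:?}", wrong); // rejected: reads as $1.12

    let right = compose_usd_price(rate, eth_usd).and_then(|p| check_lst_price(p, eth_usd));
    println!("composed price: {:?}", right); // accepted: $3,360.00
}
```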
3. Access Control Failures ($40M+)
Missing or bypassable access controls on privileged functions. Admin functions callable by anyone. Initialization functions that can be front-run. Role checks that do not cover all paths.
In 2025, multiple protocols on Solana lost funds to missing signer checks on admin instructions. The Anchor framework provides tools to prevent this, but developers consistently forget to use has_one constraints or verify specific signer identity.
Prevention: For every privileged function, write a test that calls it from an unauthorized address and asserts it reverts. Use framework-provided access control (OpenZeppelin's Ownable2Step, Anchor's has_one constraints).
4. Reentrancy ($30M+)
Reentrancy should be a solved problem. It is the first vulnerability every Solidity developer learns about. Protocols still ship it.
2025 saw reentrancy exploits primarily through read-only reentrancy, where a view function is called mid-execution before state is updated. Protocols relying on view functions for price calculations or collateral valuation were the primary targets.
Prevention: Use nonReentrant on every function that makes external calls. Follow checks-effects-interactions. For read-only reentrancy, use reentrancy locks on view functions that are used as price sources by other protocols.
5. Flash Loan Price Manipulation ($25M+)
Flash loans amplify any economic vulnerability by eliminating capital constraints. In 2025, flash loan attacks targeted smaller DEXes and lending protocols that used spot AMM prices instead of TWAPs or external oracles.
The pattern:
- Flash borrow a large amount
- Manipulate an AMM pool price
- Execute a profitable action at the manipulated price
- Repay the flash loan
- Profit from the spread
Prevention: Never use spot AMM prices for any value-bearing decision. Use Chainlink feeds with staleness validation, or TWAPs with a minimum 30-minute window. Design every economic action so that flash-borrowable capital cannot influence the price inputs.
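Why a 30-minute TWAP resists what a spot read does not, as an added example that is not from the original post. It models a fee-less constant-product pool with a time-weighted price accumulator; the pool size, the trade size and all names are constructed assumptions.

```rust
// Added example: constant-product pool, no fees, whole-unit integers.
// Pool sizes and the trade size are constructed values.
pub struct Pool { pub base: u128, pub quote: u128, pub cumulative: u128, pub last_ts: u64 }

impl Pool {
    /// Spot price of base in quote units: what a naive integration reads.
    pub fn spot(&self) -> u128 { self.quote / self.base }

    /// Add price * elapsed seconds to the accumulator before reserves change.
    fn sync(&mut self, now: u64) {
        self.cumulative += self.spot() * u128::from(now - self.last_ts);
        self.last_ts = now;
    }

    /// Swap quote in for base out while keeping base * quote = k.
    pub fn buy_base(&mut self, quote_in: u128, now: u64) -> u128 {
        self.sync(now);
        let k = self.base * self.quote;
        self.quote += quote_in;
        let out = self.base - k / self.quote;
        self.base -= out;
        out
    }

    /// Swap base in for quote out (the unwind leg).
    pub fn sell_base(&mut self, base_in: u128, now: u64) -> u128 {
        self.sync(now);
        let k = self.base * self.quote;
        self.base += base_in;
        let out = self.quote - k / self.base;
        self.quote -= out;
        out
    }
}

/// Returns (spot seen while the price is skewed, TWAP over the full 1800 s window).
pub fn simulate(hold_secs: u64) -> (u128, u128) {
    const WINDOW: u64 = 1800; // the 30-minute minimum from the text
    let mut pool = Pool { base: 1_000, quote: 3_000_000, cumulative: 0, last_ts: 0 };
    let bought = pool.buy_base(9_000_000, WINDOW - hold_secs);
    let skewed_spot = pool.spot();
    pool.sell_base(bought, WINDOW); // unwind
    (skewed_spot, pool.cumulative / u128::from(WINDOW))
}

fn main() {
    println!("same transaction: {:?}", simulate(0)); // skew lasts 0 s
    println!("held for 12 s: {:?}", simulate(12)); // cannot be flash-funded
}
```

A skew that is opened and closed inside one transaction contributes zero seconds to the accumulator, so the TWAP stays at the honest price while the spot read is 16 times higher. Holding the skew for 12 seconds requires capital that stays at risk past the transaction, and still moves the 30-minute average by only 10%.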
6. Governance Attacks ($20M+)
Governance systems were increasingly targeted in 2025, through low-quorum proposals, flash-loan-vulnerable voting power snapshots, and proposals that look routine but contain malicious parameter changes.
The Moonwell incident was technically a governance proposal that misconfigured an oracle. The broader pattern: governance proposals receive less scrutiny than core contract code, but they execute with the same authority.
Prevention: Use historical balance snapshots for voting (not spot balances). Set meaningful quorum thresholds. Add a timelock between proposal approval and execution. Scan governance proposal scripts with the same rigor as contract code.
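Historical snapshots versus spot balances, as an added example that is not from the original post. It models checkpointed voting power in Rust; the `Votes` type, its methods and the block numbers are hypothetical.

```rust
// Added example modelling checkpointed voting power; all names are hypothetical.
#[derive(Default)]
pub struct Votes {
    checkpoints: Vec<(u64, u128)>, // (block, balance), ascending by block
}

impl Votes {
    /// Record the balance at `block`; a second write in the same block overwrites.
    pub fn set_balance(&mut self, block: u64, balance: u128) {
        if let Some(last) = self.checkpoints.last_mut() {
            if last.0 == block {
                last.1 = balance;
                return;
            }
        }
        self.checkpoints.push((block, balance));
    }

    /// Spot balance: what a vulnerable governor would read at vote time.
    pub fn spot(&self) -> u128 {
        self.checkpoints.last().map_or(0, |c| c.1)
    }

    /// Balance at the end of `snapshot`. Refuses a snapshot that is not
    /// strictly in the past, because the current block can still change.
    pub fn past_votes(&self, snapshot: u64, current_block: u64) -> Option<u128> {
        if snapshot >= current_block {
            return None;
        }
        let idx = self.checkpoints.partition_point(|c| c.0 <= snapshot);
        Some(if idx == 0 { 0 } else { self.checkpoints[idx - 1].1 })
    }
}

/// Constructed scenario: proposal snapshot at block 100, vote cast in block 120
/// with tokens borrowed in that same block. Returns (spot weight, snapshot weight).
pub fn vote_weights() -> (u128, Option<u128>) {
    let mut voter = Votes::default();
    voter.set_balance(50, 10); // long-term holding
    voter.set_balance(120, 1_000_010); // borrowed balance, mid-transaction
    (voter.spot(), voter.past_votes(100, 120))
}

fn main() {
    println!("{:?}", vote_weights());
}
```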
7. Cross-Chain Bridge Exploits ($15M+)
Bridge protocols remained high-value targets. The attack surface is large: validator sets, message verification, token mapping, and liquidity management all create opportunities. Bridge exploits in 2025 primarily targeted message verification weaknesses and validator key compromises.
Prevention: Use established bridges with proven security models. If building a bridge, implement rate limits on outflows, anomaly detection on message patterns, and assume compromise of any single component.
8. Integer Overflow in Unchecked Blocks ($10M+)
Solidity 0.8 reverts on overflow by default. But developers use unchecked blocks for gas optimization, and those blocks remove the protection. In 2025, several exploits targeted arithmetic in unchecked blocks where overflow was not actually impossible.
On Solana, Rust's release mode wraps on overflow silently. Protocols that did not use checked arithmetic on user-supplied amounts lost funds to overflow attacks.
Prevention: Never use unchecked on user-supplied values. Only use it in loops where overflow is provably impossible. On Rust/Solana, use checked_add, checked_mul for all arithmetic on amounts.
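Wrapping versus checked arithmetic on a user-supplied amount, as an added example that is not from the original post or from any exploited program. The purchase model, function names and values are constructed; `wrapping_mul` stands in for what the plain `*` operator does in a release build without overflow checks.

```rust
// Added example. The purchase model and all values are constructed.
#[derive(Debug, PartialEq)]
pub enum TradeError {
    Overflow,
    InsufficientFunds,
}

/// What `amount * price` yields in a release build without overflow checks:
/// the product wraps modulo 2^64. wrapping_mul pins that behaviour so the
/// example behaves the same in debug and release builds.
pub fn cost_wrapping(amount: u64, price: u64) -> u64 {
    amount.wrapping_mul(price)
}

/// Vulnerable purchase: the balance check runs against the wrapped cost.
pub fn buy_unchecked(balance: u64, amount: u64, price: u64) -> Result<u64, TradeError> {
    let cost = cost_wrapping(amount, price);
    if cost > balance {
        return Err(TradeError::InsufficientFunds);
    }
    Ok(balance - cost)
}

/// Hardened purchase: every step on a user-supplied amount is checked.
pub fn buy_checked(balance: u64, amount: u64, price: u64) -> Result<u64, TradeError> {
    let cost = amount.checked_mul(price).ok_or(TradeError::Overflow)?;
    balance.checked_sub(cost).ok_or(TradeError::InsufficientFunds)
}

fn main() {
    let price: u64 = 1_000_000; // smallest units per token
    let balance: u64 = 500_000; // less than the price of one token
    let amount: u64 = 18_446_744_073_710; // amount * price exceeds u64::MAX

    println!("wrapped cost: {}", cost_wrapping(amount, price));
    println!("unchecked: {:?}", buy_unchecked(balance, amount, price));
    println!("checked:   {:?}", buy_checked(balance, amount, price));
}
```

Setting `overflow-checks = true` under `[profile.release]` in Cargo.toml makes the plain operators panic in release builds as well; the `checked_*` methods still give an error the program can handle.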
9. Signature Replay ($8M+)
Valid signatures re-used on different chains, in different contracts, or after their intended validity window. EIP-712 solves this comprehensively, but protocols continue to roll their own signature verification without chain ID, nonce, or deadline protection.
Prevention: Use EIP-712 for all off-chain signatures. Include chain ID, contract address, nonce, and deadline. Use OpenZeppelin's EIP712 implementation rather than building your own.
10. Proxy Storage Collisions ($5M+)
Upgradeable contracts with storage layout conflicts between the proxy and implementation. New state variables inserted in the wrong position. Storage slots shared between proxy admin variables and implementation state.
Prevention: Use OpenZeppelin's upgradeable contracts library. Run the OpenZeppelin Upgrades plugin validation before every upgrade. Only append new state variables at the end of existing layout. Never reorder or remove variables.
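Why only appending is safe, as an added example that is not from the original post and is not the OpenZeppelin Upgrades plugin's algorithm. It is a simplified layout diff in Rust that covers fixed-size value types only; the variable names and layouts are constructed.

```rust
// Added example: a simplified layout diff for fixed-size value types only.
// It is not the OpenZeppelin Upgrades plugin's algorithm.

/// (name, Solidity type, size in bytes), in declaration order.
pub type Var = (&'static str, &'static str, u32);

/// Assign (slot, byte offset): a value that does not fit in the rest of the
/// current 32-byte slot starts the next slot.
pub fn layout(vars: &[Var]) -> Vec<(u32, u32)> {
    let (mut slot, mut off) = (0u32, 0u32);
    vars.iter()
        .map(|&(_, _, bytes)| {
            if off + bytes > 32 {
                slot += 1;
                off = 0;
            }
            let pos = (slot, off);
            off += bytes;
            pos
        })
        .collect()
}

/// Every variable of the old implementation must keep its name, type and position.
pub fn check_upgrade(old: &[Var], new: &[Var]) -> Vec<String> {
    let (old_pos, new_pos) = (layout(old), layout(new));
    let mut issues = Vec::new();
    for (&(name, ty, _), pos) in old.iter().zip(&old_pos) {
        match new.iter().position(|n| n.0 == name) {
            None => issues.push(format!("{} removed", name)),
            Some(j) if new[j].1 != ty => issues.push(format!("{} retyped {} -> {}", name, ty, new[j].1)),
            Some(j) if new_pos[j] != *pos => issues.push(format!("{} moved {:?} -> {:?}", name, pos, new_pos[j])),
            Some(_) => {}
        }
    }
    issues
}

// Constructed layouts: V1, a V2 that inserts `cap` mid-layout, a V2 that appends it.
pub const V1: [Var; 3] = [("owner", "address", 20), ("total", "uint256", 32), ("fee", "uint128", 16)];
pub const V2_INSERTED: [Var; 4] =
    [("owner", "address", 20), ("cap", "uint256", 32), ("total", "uint256", 32), ("fee", "uint128", 16)];
pub const V2_APPENDED: [Var; 4] =
    [("owner", "address", 20), ("total", "uint256", 32), ("fee", "uint128", 16), ("cap", "uint256", 32)];

fn main() {
    println!("inserted: {:?}", check_upgrade(&V1, &V2_INSERTED));
    println!("appended: {:?}", check_upgrade(&V1, &V2_APPENDED));
}
```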
The Pattern
Eight of these ten vulnerability classes are detectable by automated analysis. Supply chain attacks and bridge validator compromises require operational security beyond code scanning. Everything else (oracle misconfiguration, access control, reentrancy, overflow, signatures, storage collisions) produces identifiable code patterns that a scanner can flag before deployment.
The protocols that got drained in 2025 were not all unaudited. Many had audits. The audits covered the codebase at a point in time. The vulnerabilities were introduced after the audit, in governance proposals, upgrade scripts, new collateral listings, and integration changes that happened between audit cycles.
Continuous scanning is what closes that gap.
Odin Scan detects 8 of the 10 vulnerability classes on this list automatically, across EVM, Solana, and CosmWasm. It runs on every PR, every commit, every governance proposal.