Blog

Security research, vulnerability analysis, and product updates.

Cross-Chain Bridge Security: Why Bridges Keep Getting Hacked
Odin Scan Team

Bridges are the highest-value targets in crypto. Over $2.5 billion stolen since 2021. The attack surface is unique, the stakes are enormous, and the same patterns repeat.

Tags: security, evm, solana

The Top 10 Smart Contract Vulnerabilities in 2025: Lessons from Real Exploits
Odin Scan Team

2025 saw over $2 billion stolen from smart contracts. These are the 10 vulnerability patterns responsible for the largest losses, ranked by total damage.

Tags: security, exploit-teardown, evm

Smart Contract Testing: What Your Test Suite Is Missing
Odin Scan Team

Your tests pass. Your contracts still get drained. Here is why: most test suites verify the happy path and skip the exact conditions attackers exploit.

Tags: testing, best-practices, security

Pre-Audit Checklist: How to Prepare Your Smart Contracts for a Security Review
Odin Scan Team

Auditors spend hours on code that is not ready. That is your money wasted. Here is the checklist that gets your codebase audit-ready before the engagement starts.

Tags: best-practices, security, audit

Aave's $27M Glitch: When the Oracle Was Right and the Cap Was Wrong
Odin Scan Team

On March 10, a snapshot parameter drifted against its timestamp on Aave's CAPO oracle. 34 users got liquidated for $27M against a capped wstETH rate that no longer reflected reality.

Tags: exploit-teardown, evm, oracle

EVM Smart Contract Security: The Developer's Practical Guide
Odin Scan Team

Billions lost. Mostly to the same handful of bugs. Here is the complete practical guide to EVM smart contract security: what the vulnerabilities are, why they happen, and how to prevent them.

Tags: evm, solidity, security

Solana Smart Contract Security: The Complete Guide for Anchor Developers
Odin Scan Team

Anchor's macro system handles a lot. Not everything. Here are the vulnerabilities Solana programs still ship with regularly, and how to prevent them.

Tags: solana, anchor, security

Solv Protocol Lost $2.7M to Reentrancy. The Contract Was Unaudited.
Odin Scan Team

On March 5, an attacker turned 135 BRO tokens into 567 million through an ERC-3525 callback reentrancy on Solv Protocol. The vault had no reentrancy guard. It had no audit either.

Tags: exploit-teardown, evm, reentrancy

The Bybit $1.5B Hack: How a Safe Multisig Was Drained
Odin Scan Team

On February 21, 2025, the Lazarus Group stole $1.5 billion from Bybit in the largest crypto hack in history. The multisig was fine. The UI was not.

Tags: exploit-teardown, evm, multisig