Blog
Security research, vulnerability analysis, and product updates.

Flash Loan Attack Playbook: How Attackers Think and How to Defend
Flash loans do not create vulnerabilities. They make existing ones profitable. Here is how attackers construct flash loan exploits step by step, and the specific design patterns that neutralize them.

Governance Attack Vectors: How DAOs Get Exploited
Governance proposals execute with the highest privilege level in a protocol. They are also the least scrutinized code path. Here is how attackers exploit that gap.

Reentrancy in 2026: The Bug That Refuses to Die
Ten years after The DAO hack, reentrancy is still draining protocols. The classic variant is well-understood. The modern variants are not. Here is what reentrancy looks like in 2026.

The Top 10 Smart Contract Vulnerabilities in 2025: Lessons from Real Exploits
Over $2 billion was stolen from smart contracts in 2025. These are the 10 vulnerability patterns responsible for the largest losses, ranked by total damage.

Aave's $27M Glitch: When the Oracle Was Right and the Cap Was Wrong
On March 10, a snapshot parameter drifted against its timestamp on Aave's CAPO oracle. 34 users were liquidated for $27M against a capped wstETH rate that no longer reflected reality.

EVM Smart Contract Security: The Developer's Practical Guide
Billions lost. Mostly to the same handful of bugs. Here is the complete practical guide to EVM smart contract security: what the vulnerabilities are, why they happen, and how to prevent them.

Solv Protocol Lost $2.7M to Reentrancy. The Contract Was Unaudited.
On March 5, an attacker turned 135 BRO tokens into 567 million through an ERC-3525 callback reentrancy on Solv Protocol. The vault had no reentrancy guard. It had no audit either.

LST/LRT Oracle Pricing: The Pattern Behind $100M+ in DeFi Losses
The same misconfiguration pattern has drained protocols multiple times. LST and LRT price composition is not complicated, but getting it wrong is catastrophic.

AI Wrote It. AI Caught It. Moonwell Lost $1.78M Anyway.
On February 15, Moonwell lost $1.78M to a cbETH oracle misconfiguration introduced in an AI-assisted PR. Odin Scan had flagged the exact vulnerability as Critical before it ever went live.