Blockchain threat modeling is a structured process for proactively identifying potential security vulnerabilities in a system. Unlike traditional software, blockchain applications operate in a hostile, adversarial environment where code is immutable upon deployment and assets are directly at stake. The core methodology involves four key steps: decomposing the application (understanding data flows, trust boundaries, and actors), identifying threats (using frameworks like STRIDE), analyzing risks (assessing likelihood and impact), and defining mitigations. For a DeFi lending protocol, this means modeling interactions between users, the protocol's Pool contract, price oracles, and external token contracts to pinpoint attack vectors.
LABS
Guides
How to Prepare for Common Attack Scenarios
A practical guide for developers on identifying, modeling, and mitigating prevalent smart contract and blockchain attack vectors with code examples and actionable steps.
Chainscore © 2026
introduction
SECURITY FUNDAMENTALS
Introduction to Blockchain Threat Modeling
A systematic approach to identifying, analyzing, and mitigating security risks in decentralized applications and smart contracts before deployment.
Common attack scenarios in Web3 stem from the unique properties of blockchains: public execution, value transfer, and composability. Key categories include reentrancy attacks (where malicious contracts re-enter a function before its state is updated), oracle manipulation (feeding incorrect price data to drain liquidity pools), access control flaws (missing onlyOwner modifiers), front-running (observing pending transactions to gain advantage), and logic errors in complex financial math. The 2022 Wormhole bridge hack, resulting in a $325 million loss, was caused by a signature verification flaw—a failure in threat modeling the bridge's multi-signature validation process.
To prepare for these scenarios, developers should integrate threat modeling into their Software Development Lifecycle (SDLC). Start by creating data flow diagrams (DFDs) for all user stories. Map out all external calls, data inputs (especially from oracles), and state changes. For each component, apply the STRIDE framework: could it be Spoofed, Tampered with, Repudiated, have Information disclosure, be subject to Denial of service, or have Elevation of privilege? Use tools like the ConsenSys Diligence Security Toolbox or MythX for automated analysis, but remember these complement, rather than replace, manual review.
Implementing mitigations requires writing defensive code patterns. Guard against reentrancy using the Checks-Effects-Interactions pattern and OpenZeppelin's ReentrancyGuard. Use decentralized oracle networks like Chainlink for robust price data. Employ time-locks and multi-signature wallets for privileged operations. A practical code example is using a pull-over-push pattern for payments to prevent denial-of-service: instead of payable(msg.sender).transfer(amount), allow users to withdraw funds via a function like function withdraw(uint amount) public { require(balances[msg.sender] >= amount, "Insufficient balance"); balances[msg.sender] -= amount; (bool success, ) = msg.sender.call{value: amount}(""); require(success, "Transfer failed"); }.
Continuous monitoring and response planning are critical final steps. Even with robust pre-deployment modeling, new threats emerge. Establish monitoring for on-chain events using services like OpenZeppelin Defender or Tenderly Alerts to detect anomalous transactions. Create and regularly update an incident response plan that includes steps for pausing contracts (via emergency pause functions), communicating with users, and executing protocol upgrades. The goal is not to achieve perfect security—an impossibility—but to systematically raise the cost and complexity of an attack, making your application a less attractive target compared to softer alternatives in the ecosystem.
prerequisites
PREREQUISITES AND SECURITY MINDSET
How to Prepare for Common Attack Scenarios
A proactive security posture is the most effective defense. This guide outlines a framework for anticipating and mitigating prevalent smart contract vulnerabilities before deployment.
Effective preparation begins with threat modeling. Before writing a line of code, identify your system's trust boundaries and value flows. Ask: what assets are at risk (user funds, protocol fees, governance power)? Who are the potential adversaries (external attackers, malicious users, competing protocols)? What are the privileged roles (owner, admin, upgrade proxy) and what happens if they are compromised? Documenting these assumptions creates a security checklist that guides development and audit focus. Tools like the ConsenSys Diligence Threat Modeling Toolkit can formalize this process.
With threats identified, integrate preventative patterns directly into your development lifecycle. Use established libraries like OpenZeppelin Contracts for standard token and access control logic, which is extensively audited. Write comprehensive unit and fork tests that simulate attacks: test for reentrancy by mocking a malicious contract, verify slippage protections under extreme market conditions, and ensure access controls revert correctly. Implement static analysis early using Slither or Mythril to catch common bugs automatically. Treat these tools not as final checks, but as integrated parts of your CI/CD pipeline.
Finally, adopt a defense-in-depth strategy for deployment and monitoring. Even audited code can have flaws. Use a timelock for all privileged operations, giving users a window to react to malicious proposals. Plan a pause mechanism for critical functions to stop bleeding in an emergency. Post-deployment, monitor for suspicious activity with services like Forta Network, which provides real-time alert bots for transaction patterns associated with hacks. Remember, security is not a feature you add but a continuous process embedded from design through maintenance.
key-concepts
SECURITY
Core Attack Vectors to Model
To build resilient protocols, developers must proactively simulate and defend against these common exploit patterns. This guide covers the technical mechanics of major attack vectors.
CORE DEFENSE STRATEGIES
Attack Vector Mitigation Matrix
Comparison of primary mitigation techniques for common smart contract and DeFi attack vectors.
| Attack Vector | Preventative Hardening | Reactive Monitoring | Economic Safeguards |
|---|---|---|---|
Reentrancy | |||
Oracle Manipulation | |||
Front-Running | |||
Logic Errors | |||
Admin Key Compromise | |||
Flash Loan Exploits | |||
Price Slippage | |||
Governance Attacks |
mitigate-reentrancy
SECURITY
How to Mitigate Reentrancy Attacks
Reentrancy attacks exploit recursive callback vulnerabilities in smart contracts, allowing attackers to drain funds. This guide explains the mechanics and provides concrete mitigation strategies.
A reentrancy attack occurs when a malicious contract exploits a state change that happens after an external call. The classic pattern involves a vulnerable contract that sends Ether before updating its internal balance. An attacker's receive() or fallback() function can recursively call back into the vulnerable function, executing multiple withdrawals before the balance is deducted. The infamous 2016 DAO hack, which resulted in the loss of 3.6 million ETH, was a direct consequence of this vulnerability. Understanding this flow is the first step toward prevention.
The most effective and widely adopted defense is the Checks-Effects-Interactions (CEI) pattern. This design principle mandates a strict order of operations: first, perform all checks (e.g., validating inputs and permissions). Second, make all state effects (e.g., updating balances). Finally, perform external interactions (e.g., call.value() or transfer). By updating the contract's internal state before sending funds, you eliminate the condition the attacker depends on. This pattern should be the default for any function that makes external calls.
For stronger guarantees, use reentrancy guards. OpenZeppelin's ReentrancyGuard contract provides a nonReentrant modifier that uses a boolean lock. When a function with this modifier is called, it sets a lock, executes the function body, and then releases the lock. Any reentrant call will fail because the lock is already set. This is especially useful for complex contracts where maintaining strict CEI is difficult. You can import it with import "@openzeppelin/contracts/security/ReentrancyGuard.sol";.
Beyond CEI and guards, specific practices reduce risk. Use Solidity's transfer() or send() for Ether transfers, as they forward only 2300 gas, which is insufficient for a recursive callback that modifies state. For ERC-20 tokens, approve and transfer patterns must also follow CEI. Always audit external contract addresses and consider using pull-over-push patterns for withdrawals, where users initiate the transfer of their own funds, removing the need for the contract to make the external call first.
secure-oracle-feeds
DEVELOPER SECURITY
How to Secure Oracle Price Feeds
Oracle price feeds are critical infrastructure for DeFi. This guide outlines common attack vectors and provides actionable strategies to mitigate them.
Oracle price feeds are a primary attack vector in DeFi, with exploits like the 2022 Mango Markets incident resulting in over $100M in losses. The core vulnerabilities typically stem from price manipulation, latency attacks, and oracle downtime. To secure your protocol, you must design with the assumption that the reported price can be incorrect, stale, or maliciously manipulated. This requires implementing multiple layers of defense at both the smart contract and system architecture level.
The most common threat is price manipulation via flash loans. An attacker can borrow a massive amount of assets, skew the price on a DEX that your oracle reads from, trigger a favorable action in your protocol (like a cheap liquidation or inflated collateral value), and repay the loan—all within a single transaction. To defend against this, avoid using a single DEX as your sole price source. Instead, aggregate prices from multiple reputable sources like Chainlink, Pyth Network, and Uniswap V3 TWAP oracles. Implement a circuit breaker that halts operations if the price deviates beyond a sane threshold (e.g., 5% in one block).
Another critical scenario is oracle failure or latency. If a primary oracle goes offline or experiences high latency, your protocol could operate on dangerously stale data. Implement a heartbeat and staleness check. For example, when consuming a Chainlink price feed, always verify answeredInRound and the timestamp:
solidityrequire(answeredInRound >= roundId, "Stale price"); require(block.timestamp - updatedAt <= heartbeat, "Price too old");
Additionally, design a fallback mechanism. This could be a secondary oracle from a different provider (like switching from Chainlink to Pyth if the former fails) or a community-driven emergency price submission process with a multi-signature timelock.
For protocols with their own custom oracles or keeper networks, incentive misalignment is a key risk. Ensure your oracle nodes have sufficient skin in the game through staking and slashing mechanisms. Penalize nodes for submitting prices outside a consensus band. Use a commit-reveal scheme to prevent front-running of price submissions. Furthermore, sanitize all input data. Even with a trusted oracle, validate that the returned price is non-zero, within plausible bounds for the asset, and that the decimals are correctly adjusted before use in calculations.
Finally, prepare for extreme market volatility and blockchain congestion. During events like the LUNA collapse, prices moved so rapidly that oracles could not keep up, leading to under-collateralized positions. Set conservative liquidation parameters and debt ceilings for volatile assets. Consider using time-weighted average prices (TWAPs) for critical functions like calculating borrowing power, as they are far more expensive to manipulate. Regularly stress-test your system with historical volatility data and simulated oracle failures to identify breakpoints.
prevent-front-running
SECURITY GUIDE
How to Prevent Front-Running and MEV
Front-running and Maximal Extractable Value (MEV) are systemic risks in decentralized finance. This guide explains how these attacks work and provides actionable strategies for developers to protect their smart contracts and users.
Front-running occurs when a network participant, typically a bot, sees a pending transaction in the mempool and submits their own transaction with a higher gas fee to execute first. This exploits the transparent and sequential nature of blockchain transaction ordering. Common attack vectors include DEX arbitrage, where a bot front-runs a large trade to profit from the resulting price change, and NFT minting, where bots snipe limited-edition drops. The broader concept of Maximal Extractable Value (MEV) encompasses all profit a validator (or searcher/block builder) can extract by manipulating transaction order within a block, including sandwich attacks and liquidations.
To mitigate these risks, developers can implement several on-chain strategies. Commit-Reveal schemes separate the submission of a transaction from its execution. Users first submit a hashed commitment of their intent. After a delay, they reveal the actual transaction details, making front-running the initial commitment impossible. Using private transaction relays like Flashbots Protect or Titan submits transactions directly to block builders, bypassing the public mempool. For DEX design, batch auctions and time-weighted average price (TWAP) orders can reduce the profitability of MEV by aggregating trades over time, a method used by protocols like CowSwap.
Smart contract logic must also be designed with MEV resistance in mind. Avoid creating predictable, profitable transaction patterns. For example, use deadline parameters in swap functions so transactions expire if not mined quickly, preventing them from being stuck and targeted in the mempool. Implement slippage protection with tight tolerances, though this must be balanced against transaction failure rates. For lending protocols, use oracle-free liquidation mechanisms or Dutch auctions to make liquidation MEV less predictable and extractable.
At the protocol level, solutions are emerging. MEV-Boost for Ethereum, while increasing validator revenue, also centralizes block building. The long-term answer may be Proposer-Builder Separation (PBS), which is being designed into Ethereum's protocol to separate the roles of block proposal and construction. SUAVE (Single Unified Auction for Value Expression) is a proposed decentralized block builder and mempool that aims to democratize access to MEV. As a developer, staying informed about these evolving standards is crucial for future-proofing applications.
For end-users, education is key. Advise them to: use RPC endpoints with private transaction support, set appropriate slippage tolerances (e.g., 0.5% instead of 5%), and be wary of interacting with contracts during periods of high volatility or congestion when MEV activity spikes. While MEV cannot be fully eliminated, a combination of careful smart contract design, user education, and leveraging emerging infrastructure can significantly reduce its negative impact on your application's users and integrity.
harden-governance
SECURITY GUIDE
How to Harden Governance Contracts
Governance attacks can drain treasuries and derail protocols. This guide outlines concrete strategies to fortify your smart contracts against common attack vectors.
Governance attacks typically exploit the time delay between a proposal's submission and its execution. The most common vector is a governance takeover, where an attacker acquires enough voting power to pass a malicious proposal, such as one that drains the treasury or upgrades the contract to a malicious implementation. To mitigate this, contracts should implement a timelock. A timelock enforces a mandatory waiting period between a proposal's approval and its execution, giving the community time to review the finalized code and react—potentially by exiting funds—if a malicious proposal slips through.
Beyond timelocks, careful design of voting and proposal mechanisms is critical. Avoid using simple token-weighted voting for all decisions, as it is vulnerable to flash loan attacks where an attacker borrows a large amount of tokens to pass a proposal and returns them in a single transaction. Consider implementing vote delegation, quadratic voting to reduce whale dominance, or a multisig guardian for critical emergency functions. Furthermore, set meaningful proposal thresholds to prevent spam and ensure a minimum level of community support is required to initiate a vote.
Smart contract logic must also be hardened. Use the Checks-Effects-Interactions pattern rigorously to prevent reentrancy in any function that handles treasury assets. Explicitly define and restrict the receive() or fallback() functions. For upgradeable contracts using proxies, ensure the implementation contract itself cannot be selfdestructed or have its logic altered, and use a transparent proxy pattern to prevent selector clash attacks. Always conduct rigorous testing and audits on the final, time-locked proposal payload, not just the original governance framework.
Real-world examples provide clear lessons. The 2022 attack on Beanstalk Farms saw an attacker use a flash loan to pass a malicious proposal and steal $182 million, highlighting the danger of instant execution. In contrast, Compound's governance, which uses a multi-day timelock, has successfully allowed the community to veto problematic proposals before execution. Your contract's parameters—like timelock duration, proposal threshold, and voting period—should be calibrated to your protocol's treasury size and community responsiveness.
SECURITY
Implementation FAQ and Troubleshooting
Addressing common developer questions and pitfalls when building secure smart contracts. This guide provides actionable solutions for handling reentrancy, gas limits, and other critical attack vectors.
The EVM has a block gas limit, and transactions exceeding it will revert. This often occurs in loops processing unbounded arrays or performing expensive storage writes.
Common causes and fixes:
- Unbounded Loops: Iterating over a dynamic array controlled by users (e.g.,
for (uint i; i < users.length; i++)) can run out of gas. Use pagination or limit the loop size. - Expensive Operations in Loops: Avoid
SSTORE(writing to storage) or external calls inside loops. Cache data in memory first. - Gas Estimation Errors: Tools like Hardhat or Foundry can underestimate gas for complex paths. Use
require(gasleft() > SAFE_GAS_BUFFER)for critical sections.
Example Mitigation:
solidityfunction processBatch(address[] calldata users, uint batchSize) external { for (uint i = 0; i < users.length && i < batchSize; i++) { // Process user } }
resource-links
DEFENSIVE PREPARATION
Security Tools and Auditing Resources
Preparing for common smart contract attack scenarios requires structured threat modeling, automated analysis, and adversarial testing. These tools and practices help teams identify vulnerabilities before deployment and reduce exploit impact post-launch.
01
Threat Modeling for Smart Contracts
Threat modeling formalizes how attackers can exploit your system before a single line of code is deployed. For smart contracts, this means explicitly mapping trust boundaries, external dependencies, and incentive failures.
Key actions when threat modeling Ethereum or EVM-based protocols:
- Enumerate attacker goals such as asset theft, griefing, governance capture, or oracle manipulation
- Map external entry points including public functions, callbacks (ERC777, hooks), bridges, and cross-chain messaging
- Identify economic assumptions like liquidity depth, block timing, and MEV exposure
- Classify risks by impact and likelihood, not just code-level bugs
Effective threat models reference real exploits including reentrancy (DAO, 2016), price manipulation via flash loans (bZx, 2020), and authorization bypass (Nomad, 2022). Updating the model as protocol scope evolves is critical. Treat this as a living document reviewed before audits and major upgrades.
conclusion-next-steps
PROACTIVE DEFENSE
How to Prepare for Common Attack Scenarios
This guide outlines a systematic approach to preparing for and mitigating prevalent smart contract attack vectors, moving from reactive fixes to proactive security.
Effective preparation begins with threat modeling. Before writing code, identify your system's high-value assets—such as user funds, governance tokens, or protocol ownership—and map the potential attack surfaces. Common entry points include user input validation, external contract calls, price oracles, and privilege escalation paths. Tools like the Consensys Diligence Threat Modeling Template provide a structured framework. This exercise forces you to consider the attacker's perspective, shifting security from an afterthought to a core design principle.
Next, implement layered defensive coding patterns. Relying on a single check is insufficient. For reentrancy, use the checks-effects-interactions pattern and employ reentrancy guards like OpenZeppelin's ReentrancyGuard. For flash loan attacks, design mechanisms that are resilient to temporary, artificial capital inflation, such as using time-weighted average prices (TWAPs) from oracles like Chainlink instead of instantaneous spot prices. For front-running, consider commit-reveal schemes or fair ordering mechanisms offered by some blockchains. These patterns are your first line of defense.
Rigorous, automated testing is non-negotiable. Unit tests should cover normal operation, but property-based testing (with Foundry's fuzzing or Echidna) is critical for uncovering edge cases by randomly generating inputs. Write invariant tests that assert fundamental truths about your system (e.g., "total user balances always equal the contract's token balance"). Simulate attack scenarios directly: write a test where a malicious contract attempts a reentrancy attack or a user exploits a rounding error. Treat your test suite as a continuous simulation of attacker behavior.
Formal verification and expert auditing provide the final pre-deployment validation. Tools like Certora Prover or SMTChecker can mathematically prove that your code adheres to critical specifications, such as "only the owner can pause the contract." Following this, engage multiple specialized security firms for audits. Review their findings meticulously; do not treat the audit report as a checklist but as a deep educational resource on your system's vulnerabilities. All issues, even those deemed low severity, should be understood and addressed.
Post-deployment, establish a continuous security monitoring and response protocol. This includes monitoring tools like Forta for real-time threat detection, setting up incident response plans with clear roles, and maintaining an active bug bounty program on platforms like Immunefi. Ensure upgradeable contracts have secure, timelocked governance processes. Security is not a one-time event but an ongoing process that evolves with new threats and insights from the ecosystem.