Summary: OWASP has released its updated list of the top 10 vulnerabilities affecting smart contracts in 2025, providing crucial insights for developers and security professionals. The list highlights the most frequently exploited vulnerability classes in the Web3 landscape and emphasizes the need for improved security measures. Key vulnerabilities include access control flaws, price oracle manipulation, and reentrancy attacks, which led to significant financial losses in the past year.
Threat Actor: Various attackers
Victim: Smart contract developers and users
Keypoints:
- Access Control Vulnerabilities (SC01:2025) resulted in $953.2 million in losses in 2024.
- Price Oracle Manipulation (SC02:2025) destabilizes protocols by exploiting weak data feeds.
- Logic Errors (SC03:2025) lead to improper token minting and flawed lending logic.
- Reentrancy Attacks (SC05:2025) can drain funds and break contract logic, causing $35.7 million in losses in 2024.
- Flash Loan Attacks (SC07:2025) manipulate protocols using uncollateralized loans.
- Additional vulnerabilities include Integer Overflow and Underflow (SC08:2025), Insecure Randomness (SC09:2025), and Denial of Service Attacks (SC10:2025).
For the full list and detailed recommendations, visit the OWASP Smart Contract Security Project.
Source: https://securityonline.info/owasp-unveils-top-10-smart-contract-vulnerabilities-for-2025/