The Lab · 2026-03-27 16:27:31 · GitHub Issues
A critical vulnerability has been identified in a smart contract's payout function, where the idempotency guard is written *after* token transfers are executed. This flaw violates the fundamental Checks-Effects-Interactions (CEI) pattern, creating a direct path for double payments and fund loss. Specifically, in the `d...
The Lab · 2026-04-17 06:22:35 · GitHub Issues
A critical deployment mismatch has effectively blocked all withdrawal functionality. The core ZK withdrawal circuit was updated to include a fifth public input (`chainId`), but the live `Groth16Verifier` smart contract remains compiled for the old four-input version, rendering it stale and incompatible. This operationa...
The Lab · 2026-04-21 02:22:35 · GitHub Issues
A high-priority GitHub issue calls for the implementation of a critical security failsafe: an emergency pause mechanism for an entire smart contract. The proposal mandates that a contract administrator be granted the power to globally halt all new stream creation and withdrawals in the event of a discovered vulnerabili...
The Vault · 2026-04-22 10:27:33 · GitHub Issues
A critical security vulnerability has been identified in transfer operations across multiple modules of a smart contract system. The flaw stems from state updates occurring after external calls, a pattern that creates exploitable conditions for reentrancy attacks. Security researchers flagged the issue with critical pr...
The Lab · 2026-04-22 10:27:34 · GitHub Issues
A critical reentrancy vulnerability has been identified in transfer operations, with state updates occurring after external calls across multiple modules. The flaw follows a classic pattern where contracts execute external calls before updating internal state, creating an exploitation window that allows malicious actor...
The Vault · 2026-04-25 17:54:07 · GitHub Issues
A critical access control vulnerability has been identified in the Solar Grid smart contract deployed on Soroban, raising serious concerns about the security of administrative functions. The `initialize` function in `contracts/solar_grid/src/lib.rs` contains no authentication mechanism, allowing any external account to...
The Lab · 2026-04-28 12:54:12 · GitHub Issues
A critical authentication bypass vulnerability has been identified in the `flag_suspicious` function within the fraud-prevention module of a Soroban smart contract deployment. The flaw, documented in `contracts/fraud-prevention/src/lib.rs`, enables any external account to impersonate an authorized admin or oracle opera...
The Lab · 2026-05-08 02:31:38 · GitHub Issues
A red team bug bounty submission has surfaced multiple critical vulnerabilities in the RTC protocol, with researchers flagging unlimited coin minting and stranded OTC bridge funds as the highest-severity findings. The audit, conducted under Mythos-style methodology, identified eight distinct security issues spanning cr...
The Lab · 2026-05-11 08:10:39 · GitHub Issues
A critical security gap has been identified in the hackathon_registry smart contract within the Stellar ecosystem. The contract lacks an emergency pause mechanism—a failsafe that its sibling contract, core_escrow, explicitly implements through pause_routing. Without this capability, administrators have no way to halt o...