Smart Contract Security (2026 State)
$7B lost in Ethereum security incidents in 2024. 49 of 50 smart contract exploits in 2025 were pre-audit detectable. Audits are provably insufficient — the field is undergoing a shift toward pre-deployment formal verification and continuous post-deployment monitoring. (→ EthCC[9] — Conference Overview)
The Audit Failure
Sarah Hicks (Olympix):
- 90% of exploits happen on audited code.
- 49 of 50 smart contract hacks in 2025 were preventable before deployment — missed by audits.
- Top attack vectors in 2025: logic bugs (72%), access control (55%), precision/accounting (40%), oracle manipulation (30%).
- Why audits miss these: scope limitations, time pressure, quality variance across auditors, no adversarial coverage.
- “Branch coverage ≠ adversarial coverage. Exploited paths were technically covered but never tested under hostile conditions.”
Composability explosion (Balancer hack example): old audited code + new audited code = unaudited interaction. Audits are point-in-time; composability creates runtime surfaces never examined.
Shift-Left Security
Traditional finance model: critical paths formally verified before production. Web3 has treated security as post-deployment afterthought.
Required stack (pre-deployment):
- Static analysis — automated pattern detection (reentrancy, integer overflow, access control).
- Fuzzing — automated input generation to find edge cases; must be adversarially configured, not just random.
- Formal verification — mathematical proof that code satisfies a specification.
- Symbolic execution — exhaustive path exploration under symbolic constraints.
These run before audit, not instead of audit. Audits remain necessary; they’re just no longer sufficient.
Formal Verification at Compiler Level (Charles Cooper / Vyper)
Vyper became the first formally verified smart contract compiler (CompCert-style semantics preservation):
- Every compilation step (source → IR → bytecode) mathematically proved to preserve semantics.
- Includes stack spilling, memory allocation, and optimization passes.
- SnakeMaker case study: proved natural log error bounded by 1.5 ULPs; exponential error grows with input.
- Curve V4 stable swap: proving “virtual price never decreases” = no fund loss via rounding (ongoing).
- AI-assisted proofs: 3× faster than manual (from December; CompCert took 15 years manually).
Key insight: compiler bugs invalidate all contracts compiled with the vulnerable version — securing the compiler is more leverage than securing individual contracts.
Live State Fuzzing (Jon Stephens / Veridise)
Gap: security ends at deployment. Post-deployment = reactive monitoring only.
Live state fuzzing: fork mainnet state, run fuzzing campaign with transaction history as seed corpus:
- Nomad: caught vulnerability 41 days after patch (before public exploit).
- Beanstalk: emergency commit path discovered via fuzzing.
Requirements: specifications (heuristics, generic, or project-specific) — fuzzing without specs finds random bugs, not protocol violations.
Deployed by: Circle, Uniswap, Securitize.
Limitation: does not replace auditing. It supplements auditing by covering the live deployment surface that point-in-time audits miss.
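As an added illustration of the point that a fuzzing campaign needs a specification (and of the "virtual price never decreases" style of invariant mentioned in the Vyper section), the harness below is example code written for these notes, not Veridise's, Curve's or any other project's tooling. It drives a constructed toy constant-product pool with random swaps and checks one declared invariant: the product k = x*y must never decrease. The LP-supply term of a real virtual-price check is dropped, so k is an assumed stand-in for that property. The two swap functions differ only in rounding direction, which is exactly the precision/accounting bug class from the Olympix numbers above.

```python
import random

# Constructed toy pool: a constant-product AMM with integer reserves.
# The declared invariant (the "spec") is that k = x * y never decreases
# across a swap. This is an assumed simplification of the real
# "virtual price never decreases" property, which also tracks LP supply.


def swap_floor(x, y, dx):
    """Swap dx of X for Y, rounding the output DOWN (in the pool's favour)."""
    dy = (y * dx) // (x + dx)
    return x + dx, y - dy


def swap_ceil(x, y, dx):
    """Same swap, but rounding the output UP (in the user's favour).
    This is the accounting bug: every inexact trade leaks value from the pool."""
    dy = -((-y * dx) // (x + dx))  # ceiling division
    return x + dx, y - dy


def k_never_decreases(before, after):
    """The invariant a specification-driven fuzzer checks after every step."""
    return after[0] * after[1] >= before[0] * before[1]


def find_violation(swap, seed=0, iterations=1000, reserves=(10**6, 10**6)):
    """Random-walk fuzz campaign over swaps in both directions.

    Returns the first (step, reserves_before, dx, reserves_after) that breaks
    the invariant, or None if no violation was found within the budget.
    """
    rng = random.Random(seed)
    x, y = reserves
    for step in range(iterations):
        # Input amount is capped at the input-side reserve so a single trade
        # cannot drain the toy pool; direction is chosen at random.
        if rng.random() < 0.5:
            dx = rng.randint(1, x)
            nx, ny = swap(x, y, dx)
        else:
            dx = rng.randint(1, y)
            ny, nx = swap(y, x, dx)  # sell Y for X by mirroring the reserves
        if not k_never_decreases((x, y), (nx, ny)):
            return step, (x, y), dx, (nx, ny)
        x, y = nx, ny
    return None


if __name__ == "__main__":
    print("floor rounding:", find_violation(swap_floor))
    print("ceil rounding: ", find_violation(swap_ceil))
```

Without the invariant, the same random walk would run to completion on both implementations and report nothing, which is the "random bugs, not protocol violations" failure mode described above. With it, the rounding-up variant is caught within a handful of steps, while the rounding-down variant survives the whole campaign because floor division provably keeps k non-decreasing.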
Account Abstraction Attack Surface (AliceAndBob / Certora)
EIP-4337 and EIP-7702 both expand the attack surface:
EIP-4337 (Application-Layer AA)
- Bundlers, mempools, and entry point become single points of failure.
- Paymaster gas drain: if paymaster forgets to reserve penalty cost buffer, bundler forces penalty payments.
- 10% unused gas penalty griefing: malicious users inflate gas estimates to force penalty payments.
- EIP-7562 bans dangerous opcodes but cannot close the simulation/execution gap fundamentally.
EIP-7702 (Protocol-Layer AA)
- Converts EOA to smart contract for one transaction; revocable but storage persists across delegations.
- Storage collision attack: re-delegating to an incompatible contract layout breaks account via leftover state from previous delegation.
- “Pretty hard to fix because the layout is now unknown.” Private key is never revoked — compromise remains permanent.
Critical difference: 4337 private key can lose privileges but survives; 7702 private key compromise is irreversible.
Trillion Dollar Security Initiative (Hester Bruikman / EF)
- Goal: make Ethereum secure enough to hold $1T+ in value with acceptable risk.
- WalletBeat maturity model:
  - Stage 0: basic key storage.
  - Stage 0.5: clear signing (user sees what they’re signing).
  - Stage 1: secure key storage, scam detection, correct RNG.
  - Stage 2: reproducible builds, hardware wallet support, advanced recovery.
- 600M people own crypto; only ~10M in secure self-custody. The gap = 590M people at risk.
- $93M lost in first 3 months of 2025 via wallet-level attacks.
Supply Chain Attacks: The Dominant Threat (ETHDenver 2026)
The Bybit hack ($1.5B+, Lazarus Group) changed the threat model. Smart contract audits didn’t fail — the contracts were correct. The attack exploited the UI/signing gap.
2025 crypto loss breakdown:
- 50%+ from supply chain attacks (compromised npm packages, developer laptops, SDK poisoning)
- 40%+ from phishing and UI spoofing
- ~20% from smart contract bugs
Dependency security minimum requirements (Diogo Pereira / Hedera):
- Lockfiles with pinned exact versions
- Scoped package names (prevent typosquatting: @uniswap/v3-sdk, not uniswap-v3-sdk)
- 48-hour monitoring window after dependency updates
- Ongoing monitoring services watching for silent version changes
The semantic gap: User sees “approve 1 ETH,” signs “approve unlimited transfer to attacker address.” No smart contract bug; UI was compromised. Audits don’t cover this surface.
Behavior-Based Security (Rodrigo / Webacy)
Traditional security = blacklists and post-hoc forensics. Behavior-based = detect attacks in <60 seconds before most users are exposed.
Key signals for token launch attacks (10k+ Solana tokens/day, average rug-pull in 2 minutes):
- Timing: tokens bought within 10 seconds of launch → 72% rug-pull probability
- Coordination: multiple wallets funded by same source, buying in same block
- Deployer profiling: 14+ token deployments/day = scammer pattern; legitimate = 1–2
- Money flow: mixer outputs → fresh wallets → new token deployment = attack infrastructure
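The four signals above, turned into detection logic, as an added example written for these notes (not Webacy's code). The thresholds are the ones stated in the list; the per-signal weights, the alert cut-off, the event schema and the two sample launches are constructed assumptions for the example.

```python
from collections import defaultdict

# Constructed sample of launch-time activity for two tokens (not real data).
# Each buy records seconds since launch, the block it landed in, the buying
# wallet and the wallet that funded it. A "mixer:" prefix on a funding source
# is an assumed label standing in for a mixer-output attribution.
SAMPLE_LAUNCHES = [
    {
        "token": "TOKEN_A",
        "deployer": "0xdeployer_a",
        "deployer_deploys_today": 17,
        "deployer_funded_by": "mixer:constructed",
        "deployer_wallet_age_days": 0,
        "buys": [
            {"t": 3, "block": 100, "wallet": "0xw1", "funded_by": "0xsrc"},
            {"t": 4, "block": 100, "wallet": "0xw2", "funded_by": "0xsrc"},
            {"t": 6, "block": 100, "wallet": "0xw3", "funded_by": "0xsrc"},
            {"t": 40, "block": 103, "wallet": "0xw4", "funded_by": "0xcex"},
        ],
    },
    {
        "token": "TOKEN_B",
        "deployer": "0xdeployer_b",
        "deployer_deploys_today": 1,
        "deployer_funded_by": "0xcex",
        "deployer_wallet_age_days": 400,
        "buys": [
            {"t": 95, "block": 110, "wallet": "0xw5", "funded_by": "0xcex"},
            {"t": 300, "block": 125, "wallet": "0xw6", "funded_by": "0xw9"},
        ],
    },
]

# Thresholds come from the signals listed above; weights are an assumption.
EARLY_BUY_SECONDS = 10
SCAMMER_DEPLOYS_PER_DAY = 14
FRESH_WALLET_MAX_AGE_DAYS = 1
WEIGHTS = {"timing": 3, "coordination": 3, "deployer_profile": 2, "money_flow": 2}


def launch_signals(launch):
    """Return the set of behavioural signals present in one token launch."""
    signals = set()
    buys = launch["buys"]

    # Timing: any buy landing within the first seconds after launch.
    if any(b["t"] <= EARLY_BUY_SECONDS for b in buys):
        signals.add("timing")

    # Coordination: several distinct wallets, funded by the same source,
    # buying in the same block.
    wallets_by_block_and_source = defaultdict(set)
    for b in buys:
        wallets_by_block_and_source[(b["block"], b["funded_by"])].add(b["wallet"])
    if any(len(ws) >= 2 for ws in wallets_by_block_and_source.values()):
        signals.add("coordination")

    # Deployer profiling: serial deployers versus the 1-2 per day baseline.
    if launch["deployer_deploys_today"] >= SCAMMER_DEPLOYS_PER_DAY:
        signals.add("deployer_profile")

    # Money flow: mixer output -> fresh wallet -> new token deployment.
    if (launch["deployer_funded_by"].startswith("mixer:")
            and launch["deployer_wallet_age_days"] <= FRESH_WALLET_MAX_AGE_DAYS):
        signals.add("money_flow")
    return signals


def risk_score(launch):
    """Weighted sum of the signals present; a consumer alerts above a cut-off."""
    return sum(WEIGHTS[s] for s in launch_signals(launch))


def triage(launches, alert_at=5):
    """Map token -> (score, sorted signals) for launches at or above the cut-off."""
    flagged = {}
    for launch in launches:
        score = risk_score(launch)
        if score >= alert_at:
            flagged[launch["token"]] = (score, sorted(launch_signals(launch)))
    return flagged


if __name__ == "__main__":
    for token, (score, signals) in triage(SAMPLE_LAUNCHES).items():
        print(f"{token}: score={score} signals={signals}")
```

The scoring is deliberately additive and explainable: each flagged launch carries the list of signals that fired, which is what an analyst needs to tune thresholds against false positives on legitimate launches (TOKEN_B above fires nothing).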
ECDSA Signature Validation (Opal Graham / Coinbase)
Common mistakes in smart contract signature validation:
| Bug | Description | Fix |
|---|---|---|
| Unvalidated ecrecover | Returns address(0) on invalid signatures without reverting | Explicit != address(0) check |
| Replay attacks | Same signature valid on multiple chains/contracts/calls | Include chain ID, contract address, nonce, recipient |
| Hash collision | encodePacked on adjacent dynamic types | Use abi.encode or non-adjacent fields |
| Signature malleability | For any (V,R,S), a corresponding (V’,R,S’) also validates | Enforce S ≤ n/2 |
Core principle: transactions are immutable (sacred); logic is not — declare rules in advance for trustless execution.
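The four rows of the table, worked through in Python as an added example for these notes (not Coinbase's code and not a library API). It models ecrecover with a minimal secp256k1 implementation so that each bug and its fix can be exercised offline. Assumptions: sha256 stands in for keccak256 (hashlib has no Keccak), the recovered value is compared as a public-key point rather than a 20-byte address, v is the raw parity bit rather than 27/28, nonce derivation is a simplified deterministic scheme rather than RFC 6979, and the rare r >= P - N recovery case is ignored.

```python
import hashlib

# Minimal secp256k1 (educational; no constant-time or side-channel care).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def sign(priv, digest):
    """Return (v, r, s); v is the parity of R.y. Simplified nonce, not RFC 6979."""
    z = int.from_bytes(digest, "big")
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + digest).digest(), "big") % N
    rx, ry = ec_mul(k, G)
    r = rx % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return ry & 1, r, s


def recover(sig, digest):
    """Model of ecrecover: public-key point, or None (address(0)) if invalid."""
    v, r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return None
    y_sq = (pow(r, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)  # sqrt works because P % 4 == 3
    if y * y % P != y_sq:
        return None
    if (y & 1) != v:
        y = P - y
    z = int.from_bytes(digest, "big")
    r_inv = pow(r, -1, N)
    return ec_add(ec_mul(s * r_inv % N, (r, y)), ec_mul(-z * r_inv % N, G))


# Row 4: for (v, r, s), (v', r, N - s) recovers the same signer.
def malleate(sig):
    v, r, s = sig
    return v ^ 1, r, N - s


def is_low_s(sig):
    return sig[2] <= N // 2


# Row 2: bind the signed hash to chain, contract and nonce to block replay.
def domain_digest(chain_id, contract, nonce, message):
    return hashlib.sha256(chain_id.to_bytes(32, "big") + contract
                          + nonce.to_bytes(32, "big") + message).digest()


# Row 3: encodePacked-style concatenation of adjacent dynamic fields collides;
# a length-prefixed (abi.encode-like) layout does not.
def encode_packed(*parts):
    return b"".join(parts)


def encode_abi(*parts):
    return b"".join(len(p).to_bytes(32, "big") + p for p in parts)


# Row 1: trusting recover() without a null check. If stored_signer was never
# initialised (the zero address), any invalid signature is "authorized".
def vulnerable_is_authorized(stored_signer, sig, digest):
    return recover(sig, digest) == stored_signer


def hardened_is_authorized(stored_signer, sig, digest):
    recovered = recover(sig, digest)
    return recovered is not None and is_low_s(sig) and recovered == stored_signer
```

The hardened check does three things the vulnerable one does not: it rejects a null recovery result, it rejects the high-s twin of every signature, and (through domain_digest) it only ever sees hashes that already commit to chain ID, contract address and nonce, so a signature captured on one chain or contract verifies nowhere else.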
AI in Security: Double-Edged
Rémi (Lagoon.finance): AI enables cheap audits — but also enables faster exploit discovery. Resolve’s hack involved private key theft (infrastructure security, not contract logic). AI is neutral; it amplifies human capability in both directions.
Vyper (Charles Cooper): AI-assisted formal proofs are 3× faster. This is a net positive for defenders if defenders adopt it first.
ETHPrague 2026: Audit-Cycle-Is-Dead
The 2026 cyber apocalypse and the April hacking record
By ETHPrague 2026, April 2026 was the highest-loss hacking month on record — almost entirely AI-augmented. Major data breaches happened so frequently that single researchers got KYC documents leaked in three separate incidents within months. This is the operational frame for the new security posture.
Continuous AI auditing replaces the audit cycle (AI Smart Contract Auditing)
Riptide (Greg AI), 7chat (Eigor Gulamov), and Wake (Argo) lead the production-grade AI-driven smart-contract security category. Headline claims validated by public bug-bounty payouts against Lido, Chainlink, Aave, Uniswap, Reserve, ENS, Polygon:
- AI red-team kits now match top human auditors for the bug discovery layer.
- Cost-of-intellect halves every 1.5 months — black-hat economics work because they can spend $100K of inference to drain a $1M-bounty contract.
- CTF Bench fully solved as of June 2025 by Gemini 2.5 Pro, then GPT-5.5.
- The audit cycle is replaced by continuous scanning: lightweight per-commit; heavyweight pre-mainnet.
Full coverage at AI Smart Contract Auditing. The category is now its own discipline within smart-contract security, complementing fuzzing (Smart Contract Fuzzing) and formal verification.
Cross-domain bugs are the new frontier (7chat / Eigor Gulamov)
The 2025–2026 hack pattern: vulnerabilities increasingly require PhD-level math + low-level assembly + cryptoeconomic understanding combined. Lazarus-class adversaries used to be the only group with this multi-domain capacity; AI removed the bottleneck. The Balancer hack, Bunny hack, and cross-domain console-log exploits illustrate the pattern. White-hat economics are inverted: discovering a $1M bug costs $100K of inference, but white-hat reward is ~$30K. Until the asymmetry resolves, attackers dominate the discovery layer; defense lives in broken-invariant detection (which is structurally cheaper than path-exhaustion).
Hardware Wallets in the Age of AI (Tomas Martykan)
When an agent signs on a user’s behalf, blind-signing risk multiplies. Genuine-language transaction attestation (the NETSPEC-style pattern) becomes urgent — without it, agentic transaction signing is structurally unsafe. The hardware-wallet layer is now part of the agentic-security stack, not separate.
Decentralized, Not Defenseless — Governance Security Checklist (Shelby Steidl)
A governance-side checklist that complements the smart-contract layer: quorum-bypass attacks, delegated-vote concentration, proposal-collision attacks, emergency-shutdown mechanisms (themselves an attack surface), pseudonymous delegate accountability. The smart-contract-security stack must extend to DAO governance security to cover the full attack surface — see DAO Governance Evolution.
Wake 5.0 and fuzzing renaissance (Smart Contract Fuzzing)
Wake 5.0 (Argo, Michal Prevratil) shipped with Rust core + Python API, 10–80× speedup. Akidna adds HEVM symbolic verification; Medusa 1.0 ships; Foundry adds coverage-guided fuzzer. The maturity moment for fuzzing is here. AI-directed fuzzing (Akidna MCP support, Wake AI-fuzzing-test-generation) is the imminent next layer.
Open-source funding gap remains acute
The same security stack (Wake, Akidna, Echidna, Medusa) is funded almost entirely through ETH Security Quadratic Funding rounds. No direct revenue stream sustains production tools. This is a structural fragility the cypherpunk / public-goods funding community is now actively trying to fix (Ethereum Public Goods Funding, Ethereum Kernel & Public Goods Funding).
Connections
- ZK Proving Infrastructure — Formal verification of ZK provers is the next frontier
- DeFi Institutional Transition — Institutional capital requires WalletBeat Stage 1+ infrastructure
- On-Chain Agents — Agents create new attack surfaces (prompt injection, hallucination leading to malicious tx)
- Post-Quantum Cryptography — CAFE framework = security shift-left applied to cryptographic migration
- Bridge Security & Cross-Chain Interoperability — Supply chain attacks on bridge frontends (Bybit); bridge trust model taxonomy
- TheDAO Security Fund — Security funding as public good; SEAL 911 as the front-line response service
Open Questions
- Can AI-assisted formal verification scale to cover full DeFi protocol stacks in reasonable time?
- Will WalletBeat maturity tiers become a market standard (like SSL certs) or remain advisory?
- As live state fuzzing grows, will attackers adopt the same tooling to discover vulnerabilities faster?
- How do you specify “correctness” for systems with intentionally adversarial inputs (MEV, oracle manipulation)?