In traditional banking, if a hacker steals money, the bank reverses the transaction. In Blockchain, transactions are immutable. The DAO hack in 2016 resulted in a 'Hard Fork' of Ethereum because there was no other way to fix it.
Reentrancy Attack
The most classic attack.
1. Contract A sends 1 ETH to Contract B (Attacker).
2. Contract B has a "fallback function" that executes as soon as it receives money.
3. This fallback function calls "Withdraw" on Contract A AGAIN before the first transaction is marked as complete.
4. Contract A thinks it still has money, sends another 1 ETH.
5. Loop until Contract A is empty.
1. Flash Loans
You can borrow $100 Million for 10 seconds, as long as you pay it back in the same transaction block.
Hackers use this massive capital to manipulate Decentralized Exchange (DEX) prices, buy cheap tokens, and pocket the difference.
This creates "Flash Loan Attacks" where millions are drained instantly.
2. Weak Randomness
Computers cannot generate true random numbers.
If a lottery contract uses `block.timestamp` to pick a winner, a miner manipulate the timestamp slightly to ensure THEY win the lottery.
Auditing Tools
- Slither: Python static analyzer for Solidity.
- Mythril: Security analysis tool for EVM bytecode.
- Remix IDE: Manual testing and deployment.