InfoSecBulletin Cybersecurity for mankind
OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems.
The OWASP Smart Contract Top 10 lists the most common vulnerabilities in the Web3 space, including:
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
Access Control Vulnerabilities (SC01:2025): Access control flaws can let unauthorized users modify a contract’s data or functions, resulting in major security breaches. In 2024, these issues caused losses of $953.2 million, as reported by SolidityScan’s Web3HackHub.
Price Oracle Manipulation (SC02:2025): Attackers exploit weak data feeds to manipulate external data sources, destabilizing protocols and creating financial chaos.
Logic Errors (SC03:2025): Mistakes in business logic remain a costly issue, leading to improper token minting, flawed lending logic, or incorrect reward distributions.
Reentrancy Attacks (SC05:2025): These attacks exploit a contract’s weak functions to drain funds or disrupt logic, leading to $35.7 million in losses in 2024.
Flash Loan Attacks (SC07:2025): These attacks exploit uncollateralized loans, disrupting liquidity and token prices. Key vulnerabilities include Integer Overflow and Underflow, Insecure Randomness, and Denial of Service Attacks.
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
