Glossary
Reentrancy, MEV, MPC, MiCA: the terms that come up when we are paid to fix a problem.
Access Control
Restricting which addresses or roles can call privileged functions in a smart contract.
AMM (Automated Market Maker)
A type of DEX that prices and executes trades against a liquidity pool using a deterministic formula.
Approval Phishing
Phishing that tricks a user into granting a token approval that lets the attacker drain assets later.
DEX (Decentralized Exchange)
A peer-to-peer trading venue running on smart contracts, with no central custodian.
DORA (Digital Operational Resilience Act)
An EU regulation requiring financial entities (including crypto-asset service providers) to manage ICT risk through documented controls and periodic threat-led penetration testing.
MEV (Maximal Extractable Value)
The value that can be extracted from block construction by reordering, including, or censoring transactions.
MiCA (Markets in Crypto-Assets)
The European Union's comprehensive regulatory framework for crypto-asset service providers and stablecoins.
MPC Wallet
A wallet using multi-party computation to split a single key across multiple parties so it never exists in one place.
Multi-Sig (Multi-Signature)
A wallet that requires multiple signatures from separate keys to approve a transaction.
Phishing
A social engineering attack that tricks a user into approving a malicious transaction or revealing credentials.
PSAN (Prestataire de Services sur Actifs Numériques)
France's regulated status for crypto-asset service providers, supervised by the AMF with technical security requirements set by ANSSI.
Reentrancy
A class of smart-contract vulnerability where an external call lets an attacker re-enter the calling function before its state is updated.
Responsible Disclosure
A practice in which security researchers privately notify a project of a vulnerability before publishing it.
Rollup
An L2 scaling solution that posts transaction data or proofs to an L1 to inherit its security.
Rug Pull
An exit scam where the team behind a project drains liquidity or steals funds, abandoning the project.
Safe (Gnosis Safe)
The leading multi-sig smart-contract wallet on EVM chains, used by most DAOs and protocol treasuries.
Sandwich Attack
An MEV strategy where an attacker places trades immediately before and after a victim's swap to extract slippage.
Smart Contract Audit
A manual and automated review of smart-contract code to identify security flaws before deployment.
Smart Contract Audit Report
The written deliverable of a smart contract audit, ranking each finding by severity with reproduction steps and remediation guidance.
Solidity
The dominant programming language for writing smart contracts on Ethereum and EVM chains.
Stablecoin
A cryptocurrency designed to maintain a stable price, usually pegged to USD.