
๐Ÿž Vulnerability Database

This is the official open knowledge base of real-world smart contract vulnerabilities curated by the LancerShield community.

Each entry contains:

  • Structured metadata frontmatter
  • Human-readable explanation
  • Minimal working examples of the vulnerable and fixed code
  • Exploit scenario and prevention strategies

📂 Categories

Vulnerabilities are grouped under severity levels using the LancerShield Severity Framework:

  • Critical (C) – Total fund loss, contract destruction, or irreversible takeover
  • High (H) – Large-scale theft or persistent unauthorized access
  • Medium (M) – Exploitable under certain conditions or state assumptions
  • Low (L) – Minor misbehavior or best-practice violations
  • Informational (I) – Non-exploitable or stylistic notes
  • Gas (G) – Optimization opportunities, not security flaws

🧠 Contributing

Want to contribute a new vulnerability?

  • Use the template to format your submission
  • Follow the contribution guide
  • Submit via Pull Request — our reviewers will validate and merge after review

🛠 Future Use

This database will serve as:

  • A source of training data for LancerShield’s CVR engine
  • A public archive of Web3’s most critical and preventable security incidents
  • A shared standard to help educate and secure the smart contract ecosystem