Control Flow & Misc

This section contains detectors that identify control flow vulnerabilities and miscellaneous contract logic issues. These patterns often arise from developer oversight, language subtleties, or unintended interactions between contract components.

Vulnerabilities in this category can lead to serious consequences such as reentrancy, denial of service, privilege escalation, or contract destruction — even when the contract’s arithmetic is correct and well-tested.

Detectors in This Category

Some of the key issues covered include:

  • Control Flow Risks:
    • Reentrancy
    • Unbounded loops
    • Unsafe use of delegatecall, selfdestruct, and external calls
    • Denial-of-service vectors
  • Logic and Validation Errors:
    • Incorrect function visibility
    • Improper admin checks
    • Missing validation fall-through
    • Unchecked return values
  • Code Structure and Maintenance Hazards:
    • Conflicting inheritance hierarchies
    • Misuse of low-level opcodes like create2
    • Use of raw assembly
    • Typographical and encoding-related bugs (e.g., unsafe Unicode characters)

These detectors help ensure that contract logic executes as intended, remains secure against sophisticated attacker interactions, and avoids subtle pitfalls introduced through poor design or incorrect assumptions.

Browse the detectors to learn about each pattern in detail.