Vulnerability Patterns Overview
The table below presents the total number of findings for each vulnerability pattern across all analyzed contracts.
| Vulnerability Patterns | Findings |
|---|---|
| Business Logic | 137 |
| Calculation Errors | 87 |
| Input Validation | 59 |
| Access Control | 41 |
| State Management | 37 |
| Denial of Service | 27 |
| Oracle Issues | 19 |
| Data Inconsistency | 17 |
| Missing Functions | 17 |
| Centralization Risk | 16 |
| Gas-related Issues | 11 |
| Runtime/Development Issues | 10 |
| Constant Definition | 7 |
| Looping Issues | 6 |
| Front-running | 5 |
| Cross-Implementation | 2 |
| Missing Version Check | 2 |
| Inflation Attacks | 1 |
| Total | 501 |
As we can see, business logic vulnerabilities account for more than 25% of the database findings. Calculation errors were the second most common issue, followed by input validation.
Next, let's examine the vulnerability patterns in detail, broken down by severity.
| Vulnerability Patterns | RWE | C | H | M | Total |
|---|---|---|---|---|---|
| Business Logic | | 17 | 50 | 70 | 137 |
| Calculation Errors | | 10 | 25 | 52 | 87 |
| Input Validation | | 14 | 23 | 22 | 59 |
| Access Control | | 12 | 18 | 11 | 41 |
| State Management | | 7 | 13 | 17 | 37 |
| Denial of Service | | 1 | 2 | 24 | 27 |
| Oracle Issues | 1 | 3 | 4 | 11 | 19 |
| Data Inconsistency | | 2 | 9 | 6 | 17 |
| Missing Functions | | 1 | 3 | 13 | 17 |
| Centralization Risk | | | 8 | 8 | 16 |
| Gas-related Issues | | | | 11 | 11 |
| Runtime/Development Issues | | | | 10 | 10 |
| Constant Definition | | 2 | 1 | 4 | 7 |
| Looping Issues | | 1 | 2 | 3 | 6 |
| Front-running | | | 3 | 2 | 5 |
| Cross-Implementation | 2 | 2 | |||
| Missing Version Check | 2 | 2 | |||
| Inflation Attacks | | | | 1 | 1 |
| Total | 1 | 70 | 163 | 267 | 501 |
Based on Criticals and Highs: Business Logic, Input Validation, Calculation Errors, Access Control, and State Management are the top 5 vulnerability classes.
Based on Mediums: Business Logic, Calculation Errors, and Denial of Service are the top 3 most commonly found vulnerability patterns.
💡 Note
The Move Vulnerability Database provides a comprehensive overview of vulnerabilities observed across audited Move protocols and serves as a guide to understanding risk concentration. Readers are encouraged to use the data to draw their own conclusions, identify trends, and consider protocol context, design, and specific use cases when assessing potential vulnerabilities.