Solidity by Example Hacks

Example from Solidity by Example

Checklist
Re-entrancy
Arithmetic Overflow and Underflow
Self Destruct
Accessing Private Data
Delegate Call
Source of Randomness
Denial of Service
Phishing with tx.origin
Hiding Malicious Code with External Contract
Honeypot
Front Running
Block Timestamp Manipulation
Signature Replay
Bypass Contract Size Check

Questions

Which of these fourteen attack vectors is responsible for the largest dollar losses in DeFi history, and does the pattern still apply after EIP-1884?

  • Re-entrancy exploits like the 2016 DAO hack remain on this list — what Solidity pattern (checks-effects-interactions) specifically blocks it, and why do developers still get it wrong?
  • Front running is listed alongside arithmetic overflow — are these equally preventable in modern Solidity, or does one require protocol-level design changes the other does not?
  • The Delegate Call vulnerability depends on storage layout alignment — when you upgrade a contract using a proxy pattern, what breaks if the layout shifts?