Glossary
Common terms and definitions used in BlockSecOps.
A
ABI (Application Binary Interface)
The standard that defines how calls to Ethereum smart contracts are encoded: function selectors (the first four bytes of the keccak-256 hash of the function signature), parameter types, return values, and events. Scanners need the ABI, or the source to derive it, to map bytecode back to functions.
Access Control
Security mechanisms that restrict who can call specific functions in a smart contract. Common patterns include Ownable, Role-Based Access Control (RBAC), and multi-signature requirements.
Audit
A systematic review of smart contract code to identify security vulnerabilities, logic errors, and optimization opportunities.
Audit Log
A chronological record of all user activities within an organization, including logins, scans, configuration changes, and data access.
B
Bytecode
The compiled, machine-readable form of smart contract code that runs on the Ethereum Virtual Machine (EVM). Bytecode-only analysis is possible, but source-level analysis gives scanners far more context.
Base (Network)
An Ethereum Layer 2 network where BlockSecOps x402 credits are purchased using USDC.
C
CEI Pattern (Checks-Effects-Interactions)
A secure coding pattern where a function first validates inputs and preconditions (checks), then updates its own storage (effects), and only then calls other contracts or sends ETH (interactions). Ordering state updates before external calls is the primary defense against reentrancy.
CI/CD (Continuous Integration/Continuous Deployment)
Automated software development practices that integrate security scanning into the build and deployment pipeline.
Confidence Level
A scanner's certainty about a finding. Levels: High (very likely), Medium (probable), Low (possible).
Contract
A smart contract—self-executing code deployed on a blockchain that automatically enforces rules and agreements.
Critical (Severity)
The highest severity level for vulnerabilities. Represents immediate risk of fund loss, unauthorized access, or contract destruction.
D
Deep Scan
The most thorough scan preset in BlockSecOps. Runs all available scanners including formal verification and fuzzing (10-30 minutes).
Deduplication
The process of identifying and consolidating duplicate vulnerability findings from multiple scanners into a single unified finding.
DeFi (Decentralized Finance)
Financial applications built on blockchain technology, including lending protocols, exchanges, and yield farming.
E
ERC (Ethereum Request for Comments)
Standards for Ethereum tokens and contracts. Common standards: ERC-20 (fungible tokens), ERC-721 (NFTs), ERC-1155 (multi-token).
External Call
A smart contract calling another contract, including low-level call/delegatecall and ETH transfers. External calls hand control to code the caller does not control, which introduces reentrancy, unexpected reverts, and gas-related failures.
F
False Positive
A vulnerability finding that isn't actually a security issue. Can occur due to scanner limitations or code patterns the scanner doesn't recognize.
Finding
A potential vulnerability or issue identified by a scanner during analysis.
Flash Loan
An uncollateralized loan that must be borrowed and repaid within a single transaction. Often used in DeFi attacks.
Formal Verification
Mathematical proof-based analysis that verifies a contract satisfies a written specification for all inputs. Stronger than static analysis for the properties it covers, but it proves only what the specification states; a property that was never written is never checked.
Front-running
An attack where a malicious actor observes pending transactions in the mempool and submits their own transaction with a higher gas price or priority fee so that it executes first.
Fuzzing (Fuzz Testing)
Automated testing that generates random or semi-random inputs to find edge cases and vulnerabilities.
G
Gas
The computational cost unit for executing operations on Ethereum. Contracts should be optimized to minimize gas usage.
Gas Griefing
An attack in which the attacker controls how much gas an inner call receives or consumes, for example by supplying too little gas to a forwarded call or by making a callback burn an excessive amount, so that the call fails or becomes uneconomical and the affected function is denied service.
H
High (Severity)
The second-highest severity level. Represents significant risk that could lead to fund loss or contract malfunction under specific conditions.
Honeypot
A malicious contract designed to appear vulnerable but actually traps users who try to exploit it.
I
Immutable
Variables or contracts that cannot be changed after deployment. In Solidity, immutable variables are assigned once, in the constructor, and thereafter behave like constants. Immutability removes an upgrade attack surface but also removes the ability to patch.
Import Resolution
The process of finding and loading external contract dependencies (like OpenZeppelin libraries) during scanning.
Informational (Severity)
The lowest severity level. Suggestions for code quality, gas optimization, or best practices without security impact.
Integer Overflow/Underflow
A vulnerability where an arithmetic operation exceeds the maximum or minimum value a variable can hold and silently wraps around. Solidity 0.8+ reverts on overflow and underflow by default; the checks are disabled only inside unchecked blocks.
L
Low (Severity)
Minor issues with limited security impact. May indicate code quality issues or minor gas inefficiencies.
Linter
A static analysis tool that checks code for style, quality, and potential errors without executing it.
M
Medium (Severity)
Moderate issues that could lead to unexpected behavior or minor fund loss under specific circumstances.
MEV (Maximal Extractable Value)
Value extracted by block producers (miners or validators) and searchers through transaction inclusion, exclusion, and ordering, including front-running and sandwich attacks.
Multi-sig (Multi-signature)
A security pattern requiring multiple parties to approve a transaction before execution.
N
NFT (Non-Fungible Token)
Unique tokens representing ownership of digital or physical assets. Typically implemented using ERC-721 or ERC-1155.
O
Oracle
An external data source that provides off-chain information to smart contracts. Oracle manipulation is a common attack vector.
Organization
A BlockSecOps account that can contain multiple users, teams, and projects. Enables collaboration and access control.
Owner
The administrative account of a smart contract or BlockSecOps organization with full access rights.
P
Preset
A predefined scanner configuration in BlockSecOps. Options: Quick, Standard, Deep.
Price Oracle
A smart contract or service that provides token prices. A spot price read from a single AMM pool can be moved within one transaction (often with a flash loan); time-weighted averages or multi-source feeds are harder to manipulate.
Project
A collection of related smart contracts in BlockSecOps for organizational purposes.
Proxy Pattern
An upgradeability pattern where a proxy contract delegatecalls into an implementation contract that can be replaced, so the proxy keeps the storage while the logic changes. Typical findings are storage layout collisions between versions and unprotected upgrade or initializer functions.
Q
Quick Scan
The fastest scan preset in BlockSecOps. Runs essential static analyzers (30 seconds - 2 minutes).
R
RBAC (Role-Based Access Control)
An access control pattern where permissions are assigned to roles, and users are assigned roles.
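The Ownable and RBAC patterns defined above, written out inline as an added example (this is illustrative code, not BlockSecOps code and not the OpenZeppelin implementation). The contract name, role names, and the withdraw/pause operations are assumptions chosen for the demonstration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not BlockSecOps code): a minimal Ownable plus role-based
// access control written inline so the mechanics are visible without
// importing a library. Contract and role names are illustrative.
contract Treasury {
    address public owner;

    // role id => account => granted
    mapping(bytes32 => mapping(address => bool)) private _roles;

    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
    bytes32 public constant WITHDRAWER_ROLE = keccak256("WITHDRAWER_ROLE");

    bool public paused;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    event RoleGranted(bytes32 indexed role, address indexed account);
    event RoleRevoked(bytes32 indexed role, address indexed account);

    error NotOwner();
    error MissingRole(bytes32 role, address account);
    error Paused();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier onlyRole(bytes32 role) {
        if (!_roles[role][msg.sender]) revert MissingRole(role, msg.sender);
        _;
    }

    modifier whenNotPaused() {
        if (paused) revert Paused();
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    receive() external payable {}

    // Owner-only administration: ownership transfer and role management.
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    function grantRole(bytes32 role, address account) external onlyOwner {
        _roles[role][account] = true;
        emit RoleGranted(role, account);
    }

    function revokeRole(bytes32 role, address account) external onlyOwner {
        _roles[role][account] = false;
        emit RoleRevoked(role, account);
    }

    function hasRole(bytes32 role, address account) external view returns (bool) {
        return _roles[role][account];
    }

    // Privileged operations gated by role rather than by the single owner key,
    // so day-to-day operators never need the key that can reassign roles.
    function setPaused(bool value) external onlyRole(PAUSER_ROLE) {
        paused = value;
    }

    function withdraw(address payable to, uint256 amount)
        external
        onlyRole(WITHDRAWER_ROLE)
        whenNotPaused
    {
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The point a scanner checks for is that every state-changing function carries one of these modifiers; a withdraw without onlyRole or onlyOwner is the classic Critical access-control finding.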
Reentrancy
A vulnerability where a contract calls another contract (or sends ETH) and the callee calls back into the first contract before the initial execution completes, observing stale state. The classic case is a withdraw function that transfers funds before zeroing the caller's balance, letting a malicious receive() function withdraw repeatedly.
Remediation
The process of fixing identified vulnerabilities.
Risk Score
A numerical rating (0-100) calculated by BlockSecOps intelligence engine representing overall contract risk.
S
Sandwich Attack
A front-running attack that places transactions before and after a target transaction to profit from price movement.
Scanner
An automated tool that analyzes smart contract code for vulnerabilities. BlockSecOps runs 17+ scanners.
SIWE (Sign-In With Ethereum)
An authentication standard allowing users to log in using their Ethereum wallet.
Slippage
The difference between the quoted and the actual execution price of a trade. Slippage protection (a minimum acceptable output, typically a minAmountOut parameter, and a deadline) bounds how much a sandwich attack can extract from the trade, since the transaction reverts if the price has been pushed past the caller's limit.
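An added example of the slippage bound described above, applied to a toy constant-product pool; it also illustrates the sandwich attack entry, since the unprotected swap is exactly what a sandwicher targets. This is illustrative code written for this glossary, not BlockSecOps code; the pool, its initial liquidity, and the fee are constructed assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not BlockSecOps code). A toy constant-product pool with
// ETH on one side and an internal token balance on the other, so the
// whole thing is self-contained. Names and numbers are illustrative.
contract ToyPool {
    uint256 public reserveEth;
    uint256 public reserveToken;
    mapping(address => uint256) public tokenBalance;

    constructor() payable {
        reserveEth = msg.value;
        reserveToken = 1_000_000e18; // constructed initial liquidity
    }

    // Quote using x*y=k with a 0.3% fee. It reads the reserves at execution
    // time, which a front-runner can move before this transaction lands.
    function getAmountOut(uint256 amountIn) public view returns (uint256) {
        uint256 amountInWithFee = amountIn * 997;
        return (amountInWithFee * reserveToken) / (reserveEth * 1000 + amountInWithFee);
    }

    // UNSAFE: no output bound. Whatever the reserves are at execution time
    // is accepted, so a sandwicher can push the price up first, let this
    // trade execute at the worse price, then sell back into it.
    function swapEthForTokenUnprotected() external payable returns (uint256 out) {
        out = getAmountOut(msg.value);
        reserveEth += msg.value;
        reserveToken -= out;
        tokenBalance[msg.sender] += out;
    }

    // PROTECTED: the caller states the worst output they will accept and a
    // deadline. If the pool has been moved against them beyond minAmountOut
    // the swap reverts, which also leaves the attacker's front-run trade
    // without the victim trade it needed to profit.
    function swapEthForToken(uint256 minAmountOut, uint256 deadline)
        external
        payable
        returns (uint256 out)
    {
        require(block.timestamp <= deadline, "expired");
        out = getAmountOut(msg.value);
        require(out >= minAmountOut, "slippage exceeded");
        reserveEth += msg.value;
        reserveToken -= out;
        tokenBalance[msg.sender] += out;
    }
}
```

The caller computes minAmountOut off-chain from a fresh quote, for example getAmountOut(amountIn) reduced by a tolerance such as 0.5%. A scanner finding here is a swap path where minAmountOut is hard-coded to zero or the deadline is set to the maximum value, which disables the protection.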
Solidity
The most popular programming language for Ethereum smart contracts.
SSO (Single Sign-On)
Authentication that allows users to access multiple applications with one set of credentials.
Standard Scan
The recommended scan preset in BlockSecOps. Balances thoroughness with speed (2-5 minutes).
Static Analysis
Code analysis performed without executing the program. Identifies patterns that may indicate vulnerabilities.
Symbolic Execution
An analysis technique that explores possible program paths using symbolic values instead of concrete inputs.
T
TAM (Technical Account Manager)
A dedicated technical resource assigned to Enterprise customers for integration and support.
Team
A group of users within an organization with shared project access and permissions.
Token
A digital asset on a blockchain. Can be fungible (ERC-20) or non-fungible (ERC-721/1155).
Triage
The process of evaluating and prioritizing vulnerability findings for remediation.
U
Unchecked
A Solidity block that disables the compiler's overflow and underflow checks. Saves gas, but is safe only when the surrounding logic already guarantees the result cannot wrap; an unchecked block around caller-controlled arithmetic reintroduces the pre-0.8 integer overflow class.
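Checked arithmetic, a justified unchecked block, and an unjustified one side by side, as an added example covering this entry and the Integer Overflow/Underflow entry. This is illustrative code written for this glossary, not BlockSecOps code; the contract and function names are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not BlockSecOps code). Shows checked arithmetic, a safe
// use of unchecked, and an unsafe one. Names are illustrative.
contract ArithmeticDemo {
    // Solidity 0.8+: reverts with Panic(0x11) if a + b exceeds 2**256 - 1.
    function checkedAdd(uint256 a, uint256 b) external pure returns (uint256) {
        return a + b;
    }

    // Safe use: i is always below values.length, itself a uint256, so the
    // increment cannot wrap and the check would be pure gas overhead.
    // The accumulation stays checked because the values are caller-controlled.
    function sum(uint256[] calldata values) external pure returns (uint256 total) {
        for (uint256 i = 0; i < values.length; ) {
            total += values[i];
            unchecked { ++i; }
        }
    }

    // Safe use: the require establishes a >= b, so a - b cannot underflow.
    function safeSub(uint256 a, uint256 b) external pure returns (uint256) {
        require(a >= b, "underflow");
        unchecked { return a - b; }
    }

    // UNSAFE: the same subtraction without the guard silently wraps to
    // 2**256 - (b - a) when b > a. This is the pre-0.8 underflow bug
    // reintroduced by hand, and it is what a scanner should flag.
    function unsafeSub(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked { return a - b; }
    }
}
```

When triaging an unchecked finding, the question to answer is which earlier statement bounds the operands; if none does, the finding is real.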
Upgradeable Contract
A contract pattern that allows implementation logic to be changed after deployment while preserving state.
USDC
USD Coin, a stablecoin pegged to the US dollar. Used for x402 credit purchases on Base network.
V
Vulnerability
A security weakness in smart contract code that could be exploited by attackers.
Vyper
A Python-like programming language for Ethereum smart contracts, designed for security and simplicity.
W
Wallet
Software or hardware that stores cryptocurrency private keys and enables blockchain interactions.
WalletConnect
A protocol for connecting mobile wallets to desktop applications.
Webhook
An HTTP callback that sends data to a specified URL when events occur. Used for notifications and integrations.
X
x402 Credits
BlockSecOps pay-per-scan credits purchased with USDC on Base network. Named after HTTP 402 "Payment Required" status code.
Y
Yield Farming
A DeFi strategy of moving funds between protocols to maximize returns. Complex yield strategies require careful security review.
Z
Zero-Day
A vulnerability that is unknown to the software vendor and has no available patch.
Scanner Names
Aderyn
A Rust-based static analyzer for Solidity with fast execution and low false positives.
Certora Prover
A formal verification tool that mathematically proves contract properties.
Echidna
A property-based fuzzer for Ethereum smart contracts using coverage-guided testing.
Halmos
A symbolic testing tool that runs Foundry-style test functions with symbolic inputs, exploring every execution path within the configured loop and depth bounds rather than the concrete inputs a fuzzer happens to generate.
Medusa
A parallelized smart contract fuzzer for finding edge cases.
Mythril
A symbolic execution tool that detects security vulnerabilities through deep analysis.
Semgrep
A lightweight static analyzer with custom rule support.
Slither
The most widely-used static analyzer for Solidity with 90+ vulnerability detectors.
Solhint
A Solidity linter checking code style and security best practices.
SolidityDefend
An AI-powered analyzer that identifies complex vulnerability patterns.
Wake
A Python-based static analyzer with vulnerability detection and testing capabilities.