🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Business logic vulnerability

Logic errors, also known as business logic vulnerabilities, are subtle flaws in smart contracts. They occur when the contract’s code does not match its intended behavior. These errors can manifest in various forms, such as faulty math in reward distribution, improper token minting mechanisms, or incorrect calculations in lending and borrowing logic. Such vulnerabilities are elusive, hiding within the contract’s logic and waiting to be discovered.

Remediation

  • Always validate your code by writing comprehensive test cases that cover all possible business logic scenarios.
  • Conduct thorough code reviews and audits to identify and fix potential logic errors.
  • Document the intended behavior of each function and module, and compare it to the actual implementation to ensure alignment.

Metadata

  • Severity: medium
  • Slug: business-logic-vulnerability

CWEs

  • 682: Incorrect Calculation

OWASP

  • SC03:2025: Logic Errors

Available Labs

Select a language to explore available labs for this vulnerability.

No matching labs found

Try adjusting your language filter.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.