Web3

Smart Contract Risk

The risk that bugs, logic errors, or exploitable vulnerabilities in on-chain program code could lead to loss of user funds. Smart contract risk is inherent to all DeFi participation because programs are immutable once deployed (unless upgradeable) and handle real value. Mitigations include professional security audits, formal verification, bug bounties, timelocks on upgrades, and starting with small amounts. Even audited programs can contain undiscovered vulnerabilities.

ID: smart-contract-risk

Mental model

Use the quick analogy first so the term is easier to reason about when you meet it in code, docs, or prompts.

Think of it as a building block that connects one definition to the larger Solana system around it.

Technical context

Place the term inside its Solana layer so the definition is easier to reason about.

Wallets, signing flows, dApps, and key management concepts.

Why builders care

Turn the term from vocabulary into something operational for product and engineering work.

This term unlocks adjacent concepts quickly, so it works best when you treat it as a junction instead of an isolated definition.

AI handoff

Use this compact block when you want to give an agent or assistant grounded context without dumping the entire page.

Smart Contract Risk (smart-contract-risk)
Category: Web3
Definition: The risk that bugs, logic errors, or exploitable vulnerabilities in on-chain program code could lead to loss of user funds. Smart contract risk is inherent to all DeFi participation because programs are immutable once deployed (unless upgradeable) and handle real value. Mitigations include professional security audits, formal verification, bug bounties, timelocks on upgrades, and starting with small amounts. Even audited programs can contain undiscovered vulnerabilities.
Related: Security Audit, Rug Pull, DeFi (Decentralized Finance)

Concept graph

See the term as part of a network, not a dead-end definition.

These branches show which concepts this term touches directly and what sits one layer beyond them.

Branch

Security Audit

A formal, structured review of a Solana program's source code, architecture, and deployment configuration by experienced security researchers, aimed at identifying vulnerabilities — including but not limited to the OWASP-equivalent Solana Top 10 (missing signer checks, owner checks, arithmetic errors, etc.) — before mainnet deployment. Reputable Solana-focused audit firms include OtterSec, Ackee Blockchain, sec3 (formerly Soteria), Neodyme, Trail of Bits, and Halborn; most audits produce a severity-rated finding report (critical, high, medium, low, informational) that programs are expected to remediate and publish. A single audit is considered minimum due diligence for programs holding significant user funds; continuous auditing and bug bounties on platforms like Immunefi are considered best practice.
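To make the Solana Top 10 items named above concrete, here is an added example in plain Rust (not the page's, not any audit firm's code, and not the solana_program or Anchor SDK): a constructed account model and a vault withdrawal handler that performs the signer check, the owner check and the checked arithmetic an auditor would expect to find. The `Account` type, `PROGRAM_ID` and the `Finding` enum are stand-ins assumed for the illustration.

```rust
// Added illustration, not the solana_program / Anchor SDK: a minimal
// model of the account fields the three named audit checks inspect.
#[derive(Clone, Debug, PartialEq)]
pub struct Account {
    pub key: [u8; 32],                    // account address
    pub owner: [u8; 32],                  // program that owns the account
    pub is_signer: bool,                  // signed the transaction?
    pub lamports: u64,                    // balance
    pub data_authority: Option<[u8; 32]>, // authority recorded in vault data
}

pub const PROGRAM_ID: [u8; 32] = [7u8; 32]; // hypothetical program id

#[derive(Debug, PartialEq)]
pub enum Finding {
    MissingSigner,      // authority never proved it holds the key
    InvalidOwner,       // vault account is not owned by this program
    WrongAuthority,     // vault is controlled by a different key
    ArithmeticOverflow, // unchecked math would wrap silently
}

/// Vault withdrawal carrying the checks an audit report would flag if absent.
pub fn withdraw(
    vault: &mut Account,
    authority: &Account,
    dest: &mut Account,
    amount: u64,
) -> Result<(), Finding> {
    // 1. Signer check: without it anyone can pass the authority's pubkey
    //    as a plain account and drain the vault.
    if !authority.is_signer {
        return Err(Finding::MissingSigner);
    }
    // 2. Owner check: a vault owned by another program could carry
    //    attacker-chosen data that merely looks like a vault.
    if vault.owner != PROGRAM_ID {
        return Err(Finding::InvalidOwner);
    }
    // 3. Authority binding: the signer must be the one recorded in the vault.
    if vault.data_authority != Some(authority.key) {
        return Err(Finding::WrongAuthority);
    }
    // 4. Arithmetic: checked ops instead of `-` / `+`, which wrap in release
    //    builds (Solana's default) unless overflow-checks is enabled.
    let new_vault = vault.lamports.checked_sub(amount).ok_or(Finding::ArithmeticOverflow)?;
    let new_dest = dest.lamports.checked_add(amount).ok_or(Finding::ArithmeticOverflow)?;
    vault.lamports = new_vault;
    dest.lamports = new_dest;
    Ok(())
}
```

Each early return corresponds to one finding class from the list above; removing any one of the checks is the shape of bug a severity-rated report would record.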

Branch

Rug Pull

A crypto scam where project creators abandon a project after accumulating user funds, typically by draining liquidity pools, selling pre-minted tokens, or exploiting admin keys. Red flags: anonymous teams, unaudited contracts, concentrated token supply, no locked liquidity, and excessive hype. Always verify program source, check authorities, and review audits before depositing.

Branch

DeFi (Decentralized Finance)

Financial services built on blockchain smart contracts that operate without traditional intermediaries (banks, brokers). DeFi includes lending, borrowing, trading, insurance, and derivatives. Key properties: permissionless (anyone can participate), composable (protocols can be combined), transparent (open-source, auditable). Solana DeFi TVL has exceeded $5B, led by Jupiter, Raydium, Marinade, and Kamino.

Next concepts to explore

Keep the learning chain moving instead of stopping at one definition.

These are the next concepts worth opening if you want this term to make more sense inside a real Solana workflow.

Security

Security Audit

Web3

Rug Pull

Web3

DeFi (Decentralized Finance)

Web3

Sniping

Buying a token immediately at launch using automated bots that detect pool creation events and execute buy transactions in the same block. Snipers monitor new Raydium liquidity pools and Pump.fun graduation migrations to buy before other traders can react. Anti-snipe mechanics such as delayed trading windows and launch taxes are designed to mitigate this practice.

Commonly confused with

Terms nearby in vocabulary, acronym, or conceptual neighborhood.

These entries are easy to mix up when you are reading quickly, prompting an LLM, or onboarding into a new layer of Solana.

Web3 (ID: counterparty-risk)

Counterparty Risk

The risk that the other party in a financial arrangement fails to meet their obligations, resulting in a loss. In crypto, counterparty risk exists when you trust a centralized entity with your funds, such as a centralized exchange, custodian, or lending platform. DeFi protocols aim to reduce counterparty risk by replacing trusted intermediaries with transparent smart contracts, though they introduce smart contract risk instead. The collapse of FTX in 2022 was a major counterparty risk event.

Related terms

Follow the concepts that give this term its actual context.

Glossary entries become useful when they are connected. These links are the shortest path to adjacent ideas.

Security (ID: audit)

Security Audit

Web3 (ID: rug-pull)

Rug Pull

Web3 (ID: defi-general)

DeFi (Decentralized Finance)

More in category

Stay in the same layer and keep building context.

These entries live beside the current term and help the page feel like part of a larger knowledge graph instead of a dead end.

Web3

Web3

The vision of a decentralized internet built on blockchain technology, where users own their data, identity, and digital assets. Web1 was read-only (static pages), Web2 is read-write (platforms like social media), Web3 is read-write-own (permissionless, user-sovereign). Web3 applications use wallets instead of logins and smart contracts instead of centralized servers.

Web3

dApp (Decentralized Application)

An application with its backend logic running on a blockchain as smart contracts rather than centralized servers. dApps typically have a traditional web frontend that interacts with on-chain programs via RPC. Users authenticate with wallets instead of username/password. Examples: Uniswap (Ethereum DEX), Jupiter (Solana DEX), Magic Eden (NFT marketplace).

Web3

Wallet

Software or hardware that manages cryptographic keys and enables users to sign transactions, view balances, and interact with dApps. Hot wallets (Phantom, Solflare, Backpack) are internet-connected for convenience. Cold wallets (Ledger, Trezor) store keys offline for security. Wallets don't actually 'hold' tokens—they hold the private keys that control on-chain accounts.

Web3

Seed Phrase (Mnemonic)

A 12- or 24-word human-readable backup of a wallet's master private key, generated using the BIP-39 standard. The seed phrase can deterministically regenerate all derived keypairs (BIP-44 derivation paths). Losing the seed phrase means permanently losing access to all associated accounts. Never share, photograph, or store seed phrases digitally in plain text.