Public variables automatically generate getter functions. If a function shares the same name, the compiler prioritizes the variable-generated getter, shadowing the function definition.

Solidity does not support a final or sealed keyword for contracts. Any contract can be inherited unless architectural constraints are enforced manually.

pure functions cannot read blockchain context such as msg.sender or block.timestamp. They are restricted to computation based solely on input parameters and local variables

Without the virtual keyword, a function cannot be overridden in derived contracts. This breaks the override chain and prevents proper polymorphic behavior in multiple inheritance scenarios.

constant variables are evaluated at compile time and embedded directly into contract bytecode. This guarantees immutability and avoids any runtime storage access or gas cost.

An uninitialized storage pointer defaults to storage slot zero. This can overwrite critical state variables such as ownership or balances, making it a high-severity audit issue.

private functions and variables are accessible only within the defining contract. They cannot be called or overridden by child contracts, which blocks inheritance-based modification entirely.

If a modifier reverts after the _ placeholder executes, the entire transaction is reverted. All state changes made inside the function and modifier are rolled back due to Ethereum’s atomic execution model.

The override keyword forces explicit acknowledgment when a derived contract replaces a parent variable or function. This prevents accidental state variable shadowing in inheritance hierarchies, which can otherwise lead to subtle storage corruption bugs.

Attackers can trick users into calling a malicious contract. That contract then makes a call where tx.origin equals the victim’s address. This bypasses access control and leads to unauthorized actions.

Fallback functions run automatically when unknown calls or plain ETH are sent. If they contain external calls or heavy logic, attackers can trigger recursion or re-entrancy. They must be kept minimal and safe.

encodePacked removes padding, which can produce identical byte sequences for different inputs. When combined with hashing, this may cause collisions. Using abi.encode is safer for multi-field data.

Each delegatecall runs in the caller’s storage space, so nesting them multiplies the chances of overwriting incorrect slots. This breaks upgradeability guarantees and corrupts state. Auditors treat deep delegatecall chains as red flags.

Constructors run only during deployment and do not execute through proxies. Using an initializer ensures state is properly set through proxy calls. The entire proxy pattern relies on replacing constructors with explicit initialization.

SSTORE is one of the most expensive operations and repeating it unnecessarily multiplies costs. Caching values into memory and writing once dramatically optimizes gas. This is foundational in gas-sensitive protocols.