• #A
    #B
    #C
    #D
    Explanation:
    Each delegatecall runs in the caller’s storage space, so nesting them multiplies the chances of overwriting the wrong storage slots. This breaks upgradeability guarantees and corrupts state. Auditors treat deep delegatecall chains as red flags.
  • #A
    #B
    #C
    #D
    Explanation:
    Constructors run only during deployment and do not execute through proxies. Using an initializer ensures state is properly set through proxy calls. The entire proxy pattern relies on replacing constructors with explicit initialization.
  • #A
    #B
    #C
    #D
    Explanation:
    SSTORE is one of the most expensive operations, and repeating it unnecessarily multiplies costs. Caching values in memory and writing once dramatically reduces gas usage. This is foundational in gas-sensitive protocols.
  • #A
    #B
    #C
    #D
    Explanation:
    assert() triggers a Panic error and is intended only for internal guarantees. If it fires in production, it indicates a compiler or logic bug. Developers should use require() for user-facing validation.
  • #A
    #B
    #C
    #D
    Explanation:
    Validating msg.value early ensures no state mutation occurs before detecting invalid ether transfers. This prevents partially updated storage on failure, preserving atomicity. It aligns with checks-effects-interactions
  • #A
    #B
    #C
    #D
    Explanation:
    Selector collisions occur when the hashes of different function signatures share the same first 4 bytes. This leads to unintended dispatching and silent bugs. It’s especially dangerous in diamond proxies and minimal routers.
  • #A
    #B
    #C
    #D
    Explanation:
    Fallbacks receive raw calldata without predefined structure, forcing developers to manually decode and validate inputs. Any mistake leads to reentrancy or mis-routing. They must be extremely minimal.
  • #A
    #B
    #C
    #D
    Explanation:
    Storage accesses require Merkle-Patricia proof validation at the state level. This makes SLOAD one of the most expensive operations in Solidity. Caching values into memory significantly reduces repeated cost.
  • #A
    #B
    #C
    #D
    Explanation:
    Unbounded loops that depend on storage or user-controlled arrays can exhaust gas and render functions uncallable. Attackers can intentionally cause denial-of-service through loop amplification. Good design avoids external iteration
  • #A
    #B
    #C
    #D
    Explanation:
    String comparison requires hashing or byte-by-byte checks, both of which are expensive in the EVM model. It also introduces risk when mixed with packed encodings. Developers instead rely on enums or hashed IDs.
  • #A
    #B
    #C
    #D
    Explanation:
    Memory follows a quadratic cost function, meaning costs rise rapidly as the memory footprint grows. Careless array allocations can suddenly inflate execution cost. This is a frequent root cause of gas blowups in audits.
  • #A
    #B
    #C
    #D
    Explanation:
    PUSH0 provides a zero literal without consuming calldata or memory. This reduces bytecode size and simplifies stack management. It's extremely helpful in tight loops and assembly-heavy contracts.
  • #A
    #B
    #C
    #D
    Explanation:
    State shadowing happens when a derived contract redeclares a state variable with the same name as a parent. This creates storage misalignment and unexpected slot overwrites. Auditors treat this as a major upgradeability and correctness risk.
  • #A
    #B
    #C
    #D
    Explanation:
    Calldata avoids copying user inputs into memory, significantly reducing gas usage for large payloads. Router contracts receive untrusted inputs, so avoiding memory expansion is both cheaper and safer. This is why AMMs and DEX routers heavily rely on calldata
  • #A
    #B
    #C
    #D
    Explanation:
    Silent reverts hide failure reasons, making debugging and validation difficult. They also open the door for inconsistent execution paths