Unbounded loops can make a function exceed block gas limits as state grows, permanently preventing execution. This becomes a real denial-of-service risk in airdrops, reward claims, holder iteration, governance cleanup, and array clearing logic. In smart contract developer interviews, this question tests whether a candidate can connect gas limits, production scale, and secure contract design instead of only writing code that works in a small test case. If this topic appears in interviews, use AOB’s Smart Contract Interview Prep Hub to connect gas limits, denial-of-service risk, Solidity reasoning, and production-scale smart contract design into a clearer interview answer.

In upgradeable contracts, the proxy holds storage while the implementation code changes. If developers reorder variables or change types, storage slots map incorrectly—corrupting balances, roles, or critical pointers. This is a high-severity issue in audits. Interviewers expect candidates to mention append-only storage layout, storage gaps, and standards like EIP-1967 for proxy slots.

tx.origin authorization can be bypassed if a user is tricked into calling an attacker contract, which then calls the target contract—tx.origin remains the user. This is a known insecure pattern in Ethereum security. Interviewers like it because it tests whether candidates understand call chains and why msg.sender + explicit access control is the correct boundary.