Once deployed, smart contracts cannot be patched. Every vulnerability is permanent and publicly visible. $3.8B lost in 2024 alone. Security auditing is not optional — it is existential.
The ML Production Stack
A production ML system has more moving parts than most people expect. Google's famous paper on hidden technical debt in ML systems illustrated this vividly: the actual ML model code represents a tiny fraction of the overall system. The majority is data collection, feature extraction, configuration management, serving infrastructure, monitoring, and process management.
The core infrastructure you need includes: a version-controlled training pipeline that produces identical results given identical inputs, a model registry that tracks every trained model along with its metrics, parameters, and lineage, a serving layer that exposes models via APIs with appropriate latency and throughput guarantees, and a monitoring system that tracks both technical health and prediction quality over time.
For early-stage ML deployments, managed services like AWS SageMaker, Google Vertex AI, or Azure ML provide much of this infrastructure out of the box. As your ML practice matures and you deploy more models, the cost and flexibility constraints of managed services may push you toward open-source alternatives like MLflow, Kubeflow, and Seldon Core. The key is to start simple and add complexity only when you have demonstrated value with your initial models.
The standard defense against reentrancy.| Batch (Airflow/Spark) | Recommendations, risk scores, forecasts | Minutes to hours | Low | Low |
| REST API (FastAPI + Docker) | Simple models, low-medium traffic | 10-100ms | Low-Medium | Low |
| Managed (SageMaker/Vertex) | Teams without MLOps engineers | 10-50ms | Medium | High |
| Triton/TF Serving | Deep learning, GPU inference | 1-10ms | High | Medium-High |
| Edge (ONNX/TensorRT) | Mobile, IoT, real-time video | 1-5ms | High | Low (after setup) |
Smart contract security is not a cost — it is insurance. The $50K-$200K audit cost is trivial compared to the $3.8B lost annually. Audit before deploy, always.
Smart contract security auditing is essential to prevent exploits that caused $3.8 billion in losses in 2024. Reentrancy remains the number one exploit vector at 35% of all attacks. A comprehensive audit combines automated tools like Slither and Mythril (which catch roughly 40% of vulnerabilities) with manual expert review, formal verification, and ongoing bug bounty programs to reduce exploit risk by up to 80%.
Key Takeaways
- Reentrancy remains the #1 exploit vector
- Formal verification catches bugs testing misses
- Multi-sig and timelock for admin functions
- Automated tools catch 40% of vulns, manual review essential
- Test coverage should exceed 95% for deployed contracts
Frequently Asked Questions
Key Terms
- Reentrancy
- Vulnerability where external calls re-enter the calling contract before state updates complete.
- Formal Verification
- Mathematical proof that contract code satisfies specified properties.
- Timelock
- Delay mechanism requiring waiting period before admin actions execute.
Thinking about your security posture?
Zero trust, compliance and pen testing look different depending on your stack, industry and team. If you are working through what to prioritise, we are glad to share our perspective.
Share Your Security GoalsSummary
Smart contract exploits caused $3.8B in losses in 2024. This guide covers reentrancy, integer overflow, access control flaws, and comprehensive audit processes.