
# Runtime Security

Detect attacks that happen during transaction execution.

## Reentrancy Detection <a href="#reentrancy" id="reentrancy"></a>

Monitors when contracts or functions are called recursively before initial execution completes. Available at both contract-level and function-level granularity for precise coverage of withdraw, transfer, and critical state-changing functions.

**Related Incidents:** Penpie ($27M), Sumer Money, Minterest Finance
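
The difference between the two granularities, as an added example that is not Guardrail's own code: a small detector run over a constructed call trace. The trace shape follows geth's `callTracer` output (`to`, `input`, `calls`); the addresses, the `find_reentrancy` name, and the `watched` and `level` parameters are assumptions made for illustration.

```python
# Constructed sample data: placeholder addresses, not from any real incident.
VAULT, ATTACKER, TOKEN = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "22" * 20
WITHDRAW, DEPOSIT = "0x2e1a7d4d", "0xd0e30db0"  # withdraw(uint256), deposit()

# Nested call frames in the shape of geth's callTracer output (to / input / calls).
SAMPLE_TRACE = {"to": ATTACKER, "input": "0xaaaaaaaa", "calls": [
    {"to": VAULT, "input": DEPOSIT, "calls": []},
    {"to": VAULT, "input": WITHDRAW + "00" * 32, "calls": [
        # The vault pays out and hands control to the caller's fallback ...
        {"to": ATTACKER, "input": "0x", "calls": [
            # ... which calls back in before the outer withdraw has returned.
            {"to": VAULT, "input": WITHDRAW + "00" * 32, "calls": []},
            {"to": VAULT, "input": DEPOSIT, "calls": []},
        ]},
        {"to": TOKEN, "input": "0xa9059cbb", "calls": []},
    ]},
]}


def selector(frame):
    """First 4 bytes of calldata as hex; '0x' means a plain transfer/fallback."""
    return (frame.get("input") or "0x")[:10].lower()


def find_reentrancy(trace, watched, level="function"):
    """Return (address, selector, depth) for every frame that enters a watched
    target while an earlier frame for the same target is still executing.
    level="contract" matches on address only; "function" on address + selector."""
    watched = {a.lower() for a in watched}
    findings = []

    def walk(frame, stack, depth):
        addr = (frame.get("to") or "").lower()
        key = (addr, selector(frame)) if level == "function" else (addr,)
        if addr in watched and key in stack:
            findings.append((addr, selector(frame), depth))
        stack.append(key)              # frame is now "in progress"
        for child in frame.get("calls") or []:
            walk(child, stack, depth + 1)
        stack.pop()                    # frame completed

    walk(trace, [], 0)
    return findings


if __name__ == "__main__":
    for level in ("function", "contract"):
        print(level, find_reentrancy(SAMPLE_TRACE, {VAULT}, level))
```

On this trace the function-level check reports only the nested `withdraw`, while the contract-level check also reports the nested `deposit`, which is the cross-function case a per-function rule misses.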

## Flash Loan Monitoring <a href="#flash-loan" id="flash-loan"></a>

Detects transactions that combine flash loan operations with calls to critical contracts or significant fund outflows. Catches manipulation attempts, price oracle attacks, and complex DeFi exploits using uncollateralized instant loans.

**Related Incidents:** Multiple oracle manipulation attacks

## Function Sequence Validation <a href="#function-sequences" id="function-sequences"></a>

Alerts if functions occur in unexpected sequences. Use whitelist mode to enforce atomic execution or blacklist mode to block dangerous patterns.

**Related Incidents:** Sonne Finance, DeltaPrime, UwU Lend

## External Call Protection <a href="#external-calls" id="external-calls"></a>

Enforces strict rules on which functions can be called immediately after specific contract interactions. Whitelist or blacklist specific call patterns to detect unauthorized interactions.

**Related Incidents:** Spectra, Dough Finance, LI.FI

## Illogical Function Loops <a href="#abusive-loops" id="abusive-loops"></a>

Detects suspicious function call patterns that shouldn't occur in the same transaction, like adding and removing liquidity atomically, or opening and liquidating a position in a single tx.

**Related Incidents:** Vyper exploit, Zunami

## Sandwich Attack Detection <a href="#sandwich" id="sandwich"></a>

Monitors for coordinated sandwich attacks, front-running, and back-running patterns. Identifies MEV bots, transaction reordering attacks, and mempool exploitation that steal value through slippage manipulation.

## Delegatecall Monitoring <a href="#delegatecall" id="delegatecall"></a>

Monitors delegatecalls to unauthorized functions that could compromise contract security. Detects malicious delegatecall attacks, unauthorized proxy calls, implementation manipulation, and access control bypasses.

## High Gas Detection <a href="#high-gas" id="high-gas"></a>

Identifies transactions with unusually high gas consumption that may indicate attack attempts, DoS attempts, infinite loops, reentrancy exploits, or computational abuse.

## Trace Call Frequency <a href="#trace-call-frequency" id="trace-call-frequency"></a>

Detects potential exploits by identifying excessive function call frequencies within single transactions.

{% hint style="info" %}
**Need a custom guard?** Our security team can build guards tailored to your protocol's specific architecture. [Get in touch →](https://www.guardrail.ai/get-started)
{% endhint %}
