# Runtime Security

Detect attacks that happen during transaction execution.

## Reentrancy Detection <a href="#reentrancy" id="reentrancy"></a>

Detects when a contract or function is re-entered before its initial execution completes. Available at both contract-level and function-level granularity for precise coverage of withdraw, transfer, and critical state-changing functions.

**Related Incidents:** Penpie ($27M), Sumer Money, Minterest Finance
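
The sketch below is an added example, not the product's own implementation. It shows the difference between the contract-level and function-level granularity described above by walking a transaction's call trace. It assumes nested frames with `to`, `input` and `calls` keys (the shape geth's `callTracer` emits) and does not model delegatecall or proxy contexts; the addresses, the `0x11111111` selector and the trace itself are constructed.

```python
from dataclasses import dataclass

VAULT, ATTACKER = "0x" + "aa" * 20, "0x" + "bb" * 20  # constructed placeholder addresses
WITHDRAW, DEPOSIT = "0x2e1a7d4d", "0xd0e30db0"        # withdraw(uint256), deposit()

@dataclass(frozen=True)
class Finding:
    level: str      # "function": same function re-entered; "contract": another one
    address: str
    selector: str
    depth: int      # frames still executing when the re-entering call was made

def selector_of(frame):
    """First 4 bytes of calldata; shorter calldata lands in fallback/receive."""
    data = frame.get("input", "0x").lower()
    return data[:10] if len(data) >= 10 else "fallback"

def find_reentrancy(root, watched):
    """Depth-first walk that carries the stack of frames still executing."""
    findings = []
    def walk(frame, stack):
        addr, sel = frame["to"].lower(), selector_of(frame)
        if addr in watched:
            earlier = [i for i, (a, _) in enumerate(stack) if a == addr]
            # Only a re-entry if control left the contract in between, so a
            # contract calling itself directly is not reported.
            if earlier and any(a != addr for a, _ in stack[earlier[0] + 1:]):
                same_fn = any(stack[i][1] == sel for i in earlier)
                level = "function" if same_fn else "contract"
                findings.append(Finding(level, addr, sel, len(stack)))
        for child in frame.get("calls", []):
            walk(child, stack + [(addr, sel)])
    walk(root, [])
    return findings

def call(to, data, calls=()):
    return {"type": "CALL", "to": to, "input": data, "calls": list(calls)}

# Constructed trace: withdraw pays the caller, whose fallback calls back in.
SAMPLE_TRACE = call(ATTACKER, "0x11111111", [
    call(VAULT, DEPOSIT),
    call(VAULT, WITHDRAW + "00" * 32, [
        call(ATTACKER, "0x", [
            call(VAULT, WITHDRAW + "00" * 32),  # same function re-entered
            call(VAULT, DEPOSIT),               # different function, same contract
        ]),
    ]),
])

if __name__ == "__main__":
    print(find_reentrancy(SAMPLE_TRACE, {VAULT}))
```

A function-level rule alone would miss the second finding, where the callback enters a different function of the same contract while `withdraw` is still executing.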

## Flash Loan Monitoring <a href="#flash-loan" id="flash-loan"></a>

Detects transactions that combine flash loan operations with calls to critical contracts or significant fund outflows. Catches manipulation attempts, price oracle attacks, and complex DeFi exploits using uncollateralized instant loans.

**Related Incidents:** Multiple oracle manipulation attacks

## Function Sequence Validation <a href="#function-sequences" id="function-sequences"></a>

Alerts when functions are called in an unexpected sequence. Use whitelist mode to enforce atomic execution or blacklist mode to block dangerous patterns.

**Related Incidents:** Sonne Finance, DeltaPrime, UwU Lend

## External Call Protection <a href="#external-calls" id="external-calls"></a>

Enforces strict rules on which functions can be called immediately after specific contract interactions. Whitelist or blacklist specific call patterns to detect unauthorized interactions.

**Related Incidents:** Spectra, Dough Finance, LI.FI

## Illogical Function Loops <a href="#abusive-loops" id="abusive-loops"></a>

Detects suspicious function call patterns that shouldn't occur in the same transaction, such as adding and removing liquidity atomically, or opening and liquidating a position in a single transaction.

**Related Incidents:** Vyper exploit, Zunami

## Sandwich Attack Detection <a href="#sandwich" id="sandwich"></a>

Monitors for coordinated sandwich attacks, front-running, and back-running patterns. Identifies MEV bots, transaction reordering attacks, and mempool exploitation that steal value through slippage manipulation.

## Delegatecall Monitoring <a href="#delegatecall" id="delegatecall"></a>

Monitors delegatecalls to unauthorized functions that could compromise contract security. Detects malicious delegatecall attacks, unauthorized proxy calls, implementation manipulation, and access control bypasses.

## High Gas Detection <a href="#high-gas" id="high-gas"></a>

Identifies transactions with unusually high gas consumption that may indicate attack attempts, DoS attempts, infinite loops, reentrancy exploits, or computational abuse.

## Trace Call Frequency <a href="#trace-call-frequency" id="trace-call-frequency"></a>

Detects potential exploits by identifying excessive function call frequencies within single transactions.

{% hint style="info" %}
**Need a custom guard?** Our security team can build guards tailored to your protocol's specific architecture. [Get in touch →](https://www.guardrail.ai/get-started)
{% endhint %}

***
