The bad programming habits may cause some unexpected transactions, such as wrong authority declaration, redundant implementation of callback function, predictable random numbers, etc.
The difference between smart contract code and functional requirements may lead to some logical vulnerability of smart contract code.
The wrong call of functions, such as call, delegatecall, selfdestruct, will bring about some unpredictably logical security vulnerability.
Integer overflow and underflow will lead to the illegal transactions, which causes a great loss of property .
The wrong call of reentrant function may lead to the failure of transactions or uncontrollable transfer behavior.
The wrong execution-ordering may bypass exception detection and increase the risks of wrong transfer behavior.
The execution results of timestamp-depended smart contracts may be manipulated illegally, which causes some incorrect business logical errors.
The wrong usage of functional code provided by platform may cause loss of property. For example, using tx.origin for identity authentication.