# Smart Contract For high-volume, highly audited protocols, we rely on audits and public information as a guide for evaluating smart contract risk. Elsewhere, with new protocols, a deeper analysis is performed with our general framework revolving around the following: **Code Vulnerabilities**: Contracts may have coding errors or vulnerabilities that can be exploited by attackers, for example with reentrancy attacks, integer overflows, and more.. **Security of External Dependencies**: Smart contracts may rely on external data sources, such as oracles, to function properly. If these external dependencies are compromised or can be manipulated, it can introduce significant risk to the smart contract. **Regulatory and Legal Risks**: Some smart contracts operate within an existing legal framework, and their execution must comply with relevant laws and regulations. Failure to consider these aspects may result in legal challenges or regulatory interventions. **Economic and Game Theoretical Risks**: Smart contract protocols often rely on specific economic assumptions and game theoretical incentives to function optimally. However, the assumptions made during the design might fail in real-world scenarios, leading to security vulnerabilities. **Governance Risks**: Smart contracts are typically decentralized and governed by consensus mechanisms. However, disagreements or disputes within the community can lead to forks or contentious changes, potentially impacting the stability and integrity of the contract. **Upgradability Risks**: Some smart contracts may have upgradability features to fix issues or introduce new functionalities. However, this introduces the risk of unintended consequences or malicious changes if the upgrade process is not carefully managed. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://risk.infinity.exchange/risk-matrix/operational-and-other-risks/smart-contract.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.