{"id":32218,"date":"2025-03-05T11:05:41","date_gmt":"2025-03-05T10:05:41","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/?p=32218"},"modified":"2025-03-05T11:05:43","modified_gmt":"2025-03-05T10:05:43","slug":"owasp-top-10-smart-contracts-2025","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/","title":{"rendered":"OWASP TOP 10 smart contracts 2025"},"content":{"rendered":"\n<p>Smart contract security has become a critical concern in the blockchain ecosystem. As the adoption of decentralized applications (dApps) continues to expand, so do the vulnerabilities that attackers seek to exploit. The OWASP Top 10 Smart Contracts 2025 list provides an essential guide for developers and auditors, highlighting the highest-impact threats that could compromise the integrity and security of smart contracts. 
This article analyzes these vulnerabilities and offers key information and mitigation strategies to strengthen the resilience of blockchain applications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-actualizacion-del-owasp-smart-contract-top-10\"><strong>Update to the OWASP Smart Contract Top 10<\/strong><\/h2>\n\n\n\n<p>The OWASP Top 10 Smart Contracts 2025 list [1] provides an updated view of the most critical vulnerabilities affecting smart contracts, allowing developers and auditors to prioritize their security efforts effectively.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdVp7gHlBieHXNG-IXHsAaYXsCR2-4OcjNhjoSw13jDKwgbDJ4B0wBwSlhurCXYzvQPJON_KsMjr1jIzXpSX2C7Cj50f04IRH6epYiZskfNpoWfqPPTPUaI3br1C_oFwEZ1RLAUiw?key=c7l6RftBELtdvN8v6E1_7LhZ\" alt=\"\" \/><\/figure>\n\n\n\n<p>The updated list reflects the evolution of the smart contract threat landscape, with a greater focus on vulnerabilities specific to DeFi (decentralized finance). 
From the image, we can identify the new vulnerabilities that have been introduced:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Price Oracle Manipulation<\/strong> has been added as SC02:2025, which indicates the importance of price oracles in DeFi and the risks associated with their manipulation.<\/li>\n\n\n\n<li><strong>Lack of Input Validation<\/strong> has been added as SC04:2025, which indicates that data validation remains a common problem in smart contracts.<\/li>\n\n\n\n<li><strong>Flash Loan Attacks<\/strong> has been added as SC07:2025, which highlights the impact of flash loan attacks on the DeFi ecosystem.<\/li>\n<\/ul>\n\n\n\n<p>Each vulnerability is analyzed below, together with the mitigations and secure development best practices that can be applied to it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SC01:2025 &#8211; Access control vulnerabilities<\/strong>: Inadequate access control allows unauthorized users to modify or access confidential data, leading to possible manipulation or loss of funds in wallets. 
Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Implement the principle of least privilege, granting each user or contract only the permissions it needs.<\/li>\n\n\n\n<li>Use function modifiers to restrict access to functions that handle more sensitive data.<\/li>\n\n\n\n<li>Consider using design patterns such as Ownable or AccessControl from OpenZeppelin [2].<\/li>\n\n\n\n<li>Perform security audits to identify possible gaps in access control.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC02:2025 &#8211; Price oracle manipulation:<\/strong> Attackers manipulate price oracles to influence the behavior of a smart contract, leading to unexpected results or unauthorized withdrawals of funds. Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Use reputable, decentralized price oracles that aggregate data from multiple sources.<\/li>\n\n\n\n<li>Implement price validation mechanisms to detect anomalous values.<\/li>\n\n\n\n<li>Continuously monitor price oracles for possible manipulation.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC03:2025 &#8211; Logic errors<\/strong>: Errors in smart contract logic can lead to unexpected behavior or loss of funds. 
Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Thoroughly test the smart contract logic, including unit, integration and fuzz testing.<\/li>\n\n\n\n<li>Perform security audits to identify possible logic errors.<\/li>\n\n\n\n<li>Consider using programming languages and development frameworks that support formal verification of the contract logic.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC04:2025 &#8211; Lack of input validation<\/strong>: Inadequate input validation allows attackers to supply malicious data, leading to unexpected behavior. Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Validate all input from users and from other contracts, including data types, ranges and formats.<\/li>\n\n\n\n<li>Use input validation libraries and frameworks to simplify the process.<\/li>\n\n\n\n<li>Consider using allowlists to permit only known, safe inputs.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC05:2025 &#8211; Reentrancy attacks:<\/strong> An attacker could exploit a function in a smart contract to make external calls to other contracts before the first transaction completes, leading to unauthorized withdrawals of funds. 
Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Use the Checks-Effects-Interactions pattern [3] to order the contract's operations.<\/li>\n\n\n\n<li>Implement reentrancy locks using function modifiers or state variables.<\/li>\n\n\n\n<li>Consider using the transfer() function instead of send() to limit gas consumption.<\/li>\n\n\n\n<li>Perform security audits to identify possible reentrancy vulnerabilities.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC06:2025 &#8211; Unchecked external calls:<\/strong> Smart contracts that make external calls to other contracts without adequate validation are vulnerable to attacks. Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Validate all external calls, including the contract address and the call data.<\/li>\n\n\n\n<li>Verify the functions that the contracts execute.<\/li>\n\n\n\n<li>Consider using libraries and development frameworks that support safe external calls.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC07:2025 &#8211; Flash loan attacks<\/strong>: Attackers could take out flash loans to manipulate the market and make a profit. 
Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Design smart contracts that are resistant to price manipulation.<\/li>\n\n\n\n<li>Implement price validation mechanisms to protect against price manipulation.<\/li>\n\n\n\n<li>Consider using circuit breakers to pause the contract in the event of an attack.<\/li>\n\n\n\n<li>Monitor the market for possible flash loan attacks.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC08:2025 &#8211; Integer overflow:<\/strong> Attackers manipulate arithmetic operations to cause overflows, resulting in unexpected behavior and possible loss of funds. 
Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Use libraries that offer protection against overflows.<\/li>\n\n\n\n<li>Validate all arithmetic operations to ensure the results fall within the expected ranges.<\/li>\n\n\n\n<li>Consider using arbitrary-length data types to avoid overflows.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC09:2025 &#8211; Insecure randomness<\/strong>: The use of predictable or biased randomness sources allows attackers to manipulate smart contract outcomes, which could lead to loss of funds. Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Use secure, decentralized randomness sources such as Chainlink VRF [4].<\/li>\n\n\n\n<li>Avoid using hash functions or timestamps as sources of randomness.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>SC10:2025 &#8211; Denial of service (DoS) attacks<\/strong>: Attackers overwhelm a smart contract with requests, making it unavailable to legitimate users. 
Among the <strong>mitigations<\/strong> that can be applied, we highlight:\n<ul class=\"wp-block-list\">\n<li>Limit the gas consumption of contract functions to prevent gas-based denial of service attacks.<\/li>\n\n\n\n<li>Implement access control mechanisms to limit the number of requests from each user.<\/li>\n\n\n\n<li>Consider using layer 2 scaling solutions to increase the contract's throughput.<\/li>\n\n\n\n<li>Monitor the contract for possible distributed denial of service (DDoS) attacks.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>The OWASP Top 10 Smart Contracts 2025 list offers an updated view of the vulnerabilities affecting smart contracts. The evolution from the 2023 list reflects a dynamic threat landscape, with a growing focus on DeFi-specific vulnerabilities and financial manipulation.<\/p>\n\n\n\n<p>The priority given to vulnerabilities related to access control and data validation underlines the importance of secure development practices and code-level audits. Understanding and mitigating these vulnerabilities is therefore the foundation on which developers build a more secure and trustworthy blockchain ecosystem. 
Smart contract security is a continuous process, and adopting these mitigations is essential to guarantee the integrity of blockchain applications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>References:<\/strong><\/h2>\n\n\n\n<p>[1] <a href=\"https:\/\/scs.owasp.org\/sctop10\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/scs.owasp.org\/sctop10<\/a><\/p>\n\n\n\n<p>[2] <a href=\"https:\/\/www.openzeppelin.com\/solidity-contracts\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.openzeppelin.com\/solidity-contracts<\/a><\/p>\n\n\n\n<p>[3] <a href=\"https:\/\/docs.soliditylang.org\/en\/v0.6.11\/security-considerations.html\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/docs.soliditylang.org\/en\/v0.6.11\/security-considerations.html<\/a><\/p>\n\n\n\n<p>[4] <a href=\"https:\/\/docs.chain.link\/vrf\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/docs.chain.link\/vrf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Smart contract security has become a critical concern in the blockchain ecosystem. As the adoption of decentralized applications (dApps) continues to expand, so do the vulnerabilities that attackers seek to exploit. 
The OWASP Top 10 Smart Contracts 2025 list provides an essential guide for developers and auditors,&#8230;<\/p>\n","protected":false},"author":199,"featured_media":32364,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10612,10614],"tags":[10711],"collections":[13183],"class_list":{"0":"post-32218","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blockchain-es","8":"category-ciberseguridad","9":"tag-ciberseguridad","10":"collections-blockchain","11":"entry"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>OWASP TOP 10 smart contracts 2025 - Codemotion Magazine<\/title>\n<meta name=\"description\" content=\"Descubre las vulnerabilidades clave de los contratos inteligentes en el OWASP Top 10 2025 y aprende c\u00f3mo mitigarlas en este art\u00edculo\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OWASP TOP 10 
smart contracts 2025\" \/>\n<meta property=\"og:description\" content=\"Descubre las vulnerabilidades clave de los contratos inteligentes en el OWASP Top 10 2025 y aprende c\u00f3mo mitigarlas en este art\u00edculo\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"Codemotion Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Codemotion.Italy\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-05T10:05:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-05T10:05:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Jose Manuel Ortega\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@jmortegac\" \/>\n<meta name=\"twitter:site\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jose Manuel Ortega\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\"},\"author\":{\"name\":\"Jose Manuel Ortega\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/6b4195d4196bc3d3e8a56c1215470b6d\"},\"headline\":\"OWASP TOP 10 smart contracts 2025\",\"datePublished\":\"2025-03-05T10:05:41+00:00\",\"dateModified\":\"2025-03-05T10:05:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\"},\"wordCount\":1392,\"publisher\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra.webp\",\"keywords\":[\"Ciberseguridad\"],\"articleSection\":[\"blockchain\",\"Ciberseguridad\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\",\"name\":\"OWASP TOP 10 smart contracts 2025 - Codemotion 
Magazine\",\"isPartOf\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra.webp\",\"datePublished\":\"2025-03-05T10:05:41+00:00\",\"dateModified\":\"2025-03-05T10:05:43+00:00\",\"description\":\"Descubre las vulnerabilidades clave de los contratos inteligentes en el OWASP Top 10 2025 y aprende c\u00f3mo mitigarlas en este art\u00edculo\",\"breadcrumb\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#primaryimage\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra.webp\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra.webp\",\"width\":1792,\"height\":1024},{\"@type\":\"Breadcru
mbList\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/owasp-top-10-smart-contracts-2025\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.codemotion.com\/magazine\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ciberseguridad\",\"item\":\"https:\/\/www.codemotion.com\/magazine\/es\/ciberseguridad\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"OWASP TOP 10 smart contracts 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#website\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/\",\"name\":\"Codemotion Magazine\",\"description\":\"We code the future. Together\",\"publisher\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\",\"name\":\"Codemotion\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png\",\"width\":225,\"height\":225,\"caption\":\"Codemotion\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Codemotion.Italy\/\",\"https:\/\/x.com\/CodemotionIT\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/6b4195d4196bc3d3e8a56c1215470b6d\
",\"name\":\"Jose Manuel Ortega\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/10\/python_jose_manuel_ortega-150x150.png\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2023\/10\/python_jose_manuel_ortega-150x150.png\",\"caption\":\"Jose Manuel Ortega\"},\"description\":\"Jos\u00e9 Manuel Ortega is a software engineer and cybersecurity researcher with interest in new technologies, open source, security and testing. In recent years he has shown interest in innovation projects using Big Data technologies using programming languages such as Python. He is currently working as a software engineer in research projects related to Big Data, Cybersecurity and Blockchain. He has taught at university level and collaborated with the official college of computer engineers. He has also been a speaker at several conferences oriented to developers at national and international level. More information about his lectures and other published works can be found on his personal website https:\/\/josemanuelortegablog.com.\",\"sameAs\":[\"http:\/\/josemanuelortegablog.com\",\"https:\/\/www.linkedin.com\/in\/jmortega1\/\",\"https:\/\/x.com\/jmortegac\",\"https:\/\/www.youtube.com\/@JoseManuelOrtegadev\"],\"url\":\"https:\/\/www.codemotion.com\/magazine\/author\/josemanuel\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->"}
ic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra.webp",1792,1024,false],"small-home-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra-100x100.webp",100,100,true],"sidebar-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra-180x128.webp",180,128,true],"genesis-singular-images":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra-896x504.webp",896,504,true],"archive-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra-400x225.webp",400,225,true],"gb-block-post-grid-landscape":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra-600x400.webp",600,400,true],"gb-block-post-grid-square":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2025\/02\/DALL\u00b7E-2025-03-05-10.59.42-A-futuristic-digital-representation-of-the-blockchain-ecosystem.-The-image-features-interconnected-blocks-forming-a-secure-chain-symbolizing-decentra-600x600.webp",600,600,
true]},"uagb_author_info":{"display_name":"Jose Manuel Ortega","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/josemanuel\/"},"uagb_comment_info":0,"uagb_excerpt":"Smart contract security has become a critical concern in the blockchain ecosystem. As the adoption of decentralized applications (dApps) continues to expand, so do the vulnerabilities that cyberattackers seek to exploit. The OWASP Top 10 smart contracts 2025 list provides an essential guide for developers and auditors,&#8230;&hellip;","lang":"es","_links":{"self":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/32218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/users\/199"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/comments?post=32218"}],"version-history":[{"count":3,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/32218\/revisions"}],"predecessor-version":[{"id":32224,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/32218\/revisions\/32224"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media\/32364"}],"wp:attachment":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media?parent=32218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/categories?post=32218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/tags?post=32218"},{"taxonomy":"collections","embeddable":true,"href":"https:\/\/www.codemotion.com
\/magazine\/wp-json\/wp\/v2\/collections?post=32218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}