Will the total number of publicly documented vulnerabilities (CVEs) related to smart contracts exceed 5,000 before the end of 2028?

Smart Contract Vulnerabilities: Over 5,000 Documented CVEs by 2028

Smart contracts—self-executing agreements on the blockchain—manage billions of dollars in decentralized finance (DeFi) and other applications. They are highly complex and often contain subtle, high-impact security flaws. This prediction is that the total number of publicly documented vulnerabilities (Common Vulnerabilities and Exposures, or CVEs) related specifically to smart contracts will exceed 5,000 before the end of 2028.

The Audit and Discovery Cycle

The increase in documented vulnerabilities is a double-edged sword: it reflects both the rapid growth of deployed contracts and the growing maturity of the security auditing industry. More security researchers and automated tools are actively seeking flaws, leading to a higher rate of discovery and disclosure.

While 5,000 is a large number, the exponential deployment of new protocols and the complexity of inter-contract communication create a massive attack surface. The 2028 timeframe accounts for the rapid development cycle in the Web3 space and the fact that high-value deployments incentivize both ethical auditing and malicious exploitation, leading to a surge in documented security flaws.