Across exploit postmortems, the repeat offenders are not obscure compiler bugs. They are accounting drift, unchecked external assumptions, unsafe upgrade paths, oracle manipulation, and access-control gaps.
Our scanner and review templates prioritize evidence over alert volume: each candidate needs the exact code path, attacker preconditions, value at risk, and the smallest proof that makes the issue reproducible.
Future focus: convert the top exploit classes into stronger triage modules for pre-audit teams and bounty workflows.