Wrapped Ether (WETH) Smart Contract Risk

Permit No-Op / Non-Standard Permit

⚡ MEDIUM severity

Vulnerability

WETH's permit function is a no-op — it does not revert but does nothing. Attackers can exploit this to create phantom approvals, bypassing permit-based authorization flows. This caused the $130M+ Multichain incident.

Related: Unchecked Return Values

Safe integration

Do not rely on permit() for WETH. Instead, use the traditional approve + transferFrom flow, or explicitly check the allowance after every permit call.
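One way to apply this advice in Solidity, as an added example that is not code from this page or from any project it mentions; the contract name `PermitSafeVault` and its functions are hypothetical. It goes slightly beyond the text by also binding the permit owner to `msg.sender`, so a permit call that silently does nothing can only fall back to an allowance the caller granted themselves.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. PermitSafeVault and its function names are hypothetical.
interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IERC20Permit {
    function permit(address owner, address spender, uint256 value, uint256 deadline,
                    uint8 v, bytes32 r, bytes32 s) external;
}

contract PermitSafeVault {
    mapping(address => mapping(address => uint256)) public deposits; // token => user => amount

    error PermitHadNoEffect();
    error TransferFailed();

    // Traditional approve + transferFrom path. It needs no permit support,
    // so it behaves the same for WETH as for any other ERC-20.
    function deposit(address token, uint256 amount) external {
        _pull(token, msg.sender, amount);
    }

    // Permit path. The owner is always msg.sender and never a caller-supplied
    // address, so a signature the token ignores cannot be used to move
    // someone else's tokens.
    function depositWithPermit(address token, uint256 amount, uint256 deadline,
                               uint8 v, bytes32 r, bytes32 s) external {
        // A permit call that returns without reverting proves nothing: per the
        // text above, WETH accepts the call and changes no allowance. A revert
        // is tolerated too; the allowance check below is the real gate.
        try IERC20Permit(token).permit(msg.sender, address(this), amount, deadline, v, r, s) {} catch {}
        // Explicit post-permit check: proceed only if the allowance really exists.
        if (IERC20(token).allowance(msg.sender, address(this)) < amount)
            revert PermitHadNoEffect();
        _pull(token, msg.sender, amount);
    }

    function _pull(address token, address from, uint256 amount) private {
        deposits[token][from] += amount;
        // Check the returned bool instead of assuming success (assumes the token returns one).
        if (!IERC20(token).transferFrom(from, address(this), amount)) revert TransferFailed();
    }
}
```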

Contract addresses

Chain      Address
Ethereum   0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2
Polygon    0x7ceb23fd6bc0add59e62ac25578270cff1b9f619
Arbitrum   0x82af49447d8a07e3bd95bd0d56f35241523fbab1
Base       0x4200000000000000000000000000000000000006
