Comment by block_hacks

That’s a fair question.

Blockchain security work is rarely just cryptography in isolation. Web3 applications are still web applications. Wallets, dashboards, admin panels, and APIs are part of the system, and many of them are built with frameworks like Next.js.

Many of our clients building decentralized applications use Next.js as the frontend and sometimes as the backend-for-frontend layer. In real audits, issues often span both sides: smart contracts and the web stack that exposes them.

This article focuses on the web execution side of that reality, not on-chain cryptography. If you are only interested in protocol-level or cryptographic audits, we publish separate articles that focus specifically on those topics.

The point here is that compromises do not respect category boundaries. They usually start at the web layer and move inward.

Out of curiosity, in your experience, do you usually see real-world compromises starting at the contract layer itself, or at the surrounding web and infrastructure layer that interfaces with it?