# Technical red flags

Technical vulnerabilities remain one of the most direct loss vectors in DeFi.

Shift evaluates contracts for:

* Upgrade patterns enabling arbitrary logic changes
* Admin pause functions without safeguards
* Delegatecall-based execution logic
* Missing re-entrancy guards
* Unsafe math operations
* Re-entrancy protections
* Simulation-based accounting adjustments
* Slippage exposure in liquidity operations

Internal review is the primary layer of assessment and is performed through Shift’s own IT audit process, where engineers independently analyze the relevant smart contracts of a protocol.

This is complemented by a review of third-party audits and disclosed bug bounty programs, which provide additional external validation.

The primary question is direct:

Can this contract be manipulated, upgraded, or exploited in a way that causes capital loss?

If the answer cannot be mitigated through structure or exposure sizing, allocation does not occur.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.shiftdefi.com/user-docs/the-risk-framework/risk-assessment/technical-red-flags.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.