There are 5 classes of Solidity code smells. If you can detect these code smells, you're more than halfway to finding an exploit to hack the smart contract.
They are dynamic arrays, ratio mathematics, balance changes with external calls, looking outside the smart contract, and using tokens for accounting.