Skip to content

JeremyZenora/damn-vulnerable-defi-ctfs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
builds/uniswap
builds/uniswap
 
 
src
src
 
 
test
test
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
foundry.toml
foundry.toml
 
 
remappings.txt
remappings.txt
 
 

Repository files navigation

My solutions of Damn Vulnerable Defi v4

I successfuly solved 14/18 challenges, why did I stop there? I did not really feel motivated to do the rest, wanted to move on to actual audit contests. Some of the challenges were really hard, I looked at hints from previous v3 versions, if it was very hard, I took inspiration from others that did v4.

Damn Vulnerable DeFi

Damn Vulnerable DeFi is the smart contract security playground for developers, security researchers and educators.

Perhaps the most sophisticated vulnerable set of Solidity smart contracts ever witnessed, it features flashloans, price oracles, governance, NFTs, DEXs, lending pools, smart contract wallets, timelocks, vaults, meta-transactions, token distributions, upgradeability and more.

Use Damn Vulnerable DeFi to:

  • Sharpen your auditing and bug-hunting skills.
  • Learn how to detect, test and fix flaws in realistic scenarios to become a security-minded developer.
  • Benchmark smart contract security tooling.
  • Create educational content on smart contract security with articles, tutorials, talks, courses, workshops, trainings, CTFs, etc.

Install

  1. Clone the repository.
  2. Checkout the latest release (for example, git checkout v4.0.0)
  3. Rename the .env.sample file to .env and add a valid RPC URL. This is only needed for the challenges that fork mainnet state.
  4. Either install Foundry, or use the provided devcontainer (In VSCode, open the repository as a devcontainer with the command "Devcontainer: Open Folder in Container...")
  5. Run forge build to initialize the project.

Usage

Each challenge is made up of:

  • A prompt located in src/<challenge-name>/README.md.
  • A set of contracts located in src/<challenge-name>/.
  • A Foundry test located in test/<challenge-name>/<ChallengeName>.t.sol.

To solve a challenge:

  1. Read the challenge's prompt.
  2. Uncover the flaw(s) in the challenge's smart contracts.
  3. Code your solution in the corresponding test file.
  4. Try your solution with forge test --mp test/<challenge-name>/<ChallengeName>.t.sol. If the test passes, you've solved the challenge!

Challenges may have more than one possible solution.

Rules

  • You must always use the player account.
  • You must not modify the challenges' initial nor final conditions.
  • You can code and deploy your own smart contracts.
  • You can use Foundry's cheatcodes to advance time when necessary.
  • You can import external libraries that aren't installed, although it shouldn't be necessary.

Troubleshooting

You can ask the community for help in the discussions section.

Disclaimer

All code, practices and patterns in this repository are DAMN VULNERABLE and for educational purposes only.

DO NOT USE IN PRODUCTION.

About

new v4 version of Damn Vulnerable Defi, 14 challenges solved

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages