Damn Vulnerable DeFi

The offensive security playground for decentralized finances

Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts.

Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space.


Each challenge can be considered standalone. Depending on the challenge, you should either stop the system from working, take as much funds as possible, or do some other unexpected things.

# Name
1 Unstoppable
2 Naive receiver
3 Truster
4 Side entrance
5 The rewarder
6 Selfie
7 Compromised
8 Puppet
9 Puppet v2
10 Free rider
11 Backdoor
12 Climber
13 Safe miners

How to play

  1. Clone the repository
  2. Checkout the latest version with git checkout v2.2.0
  3. Install dependencies with yarn
  4. Code your solutions in the provided *.challenge.js files (inside each challenge's folder in the test folder)
  5. Run your exploit for a challenge with yarn run challenge-name. If the challenge is executed successfully, you've passed!