Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts in Ethereum.
Featuring flash loans, price oracles, governance, NFTs, DEXs, lending pools, smart contract wallets, timelocks, and more!
Challenges
| # | Name | |
|---|---|---|
| 1 | Unstoppable | |
| 2 | Naive receiver | |
| 3 | Truster | |
| 4 | Side Entrance | |
| 5 | The Rewarder | |
| 6 | Selfie | |
| 7 | Compromised | |
| 8 | Puppet | |
| 9 | Puppet V2 | |
| 10 | Free Rider | |
| 11 | Backdoor | |
| 12 | Climber | |
| 13 | Wallet Mining | |
| 14 | Puppet V3 | |
| 15 | ABI Smuggling |
How to play
- Clone the repository
- Checkout the latest version with
git checkout v3.0.0 - Install dependencies with
yarn - Code your solution in the
*.challenge.jsfile (inside each challenge's folder in thetestfolder) - Run the challenge with
yarn run challenge-name. If the test is executed successfully, you've passed!
Tips
- To code the solutions, you may need to read Ethers and Hardhat docs.
- In all challenges you must use the account called
player. In Ethers, that may translate to using.connect(player). - Some challenges require you to code and deploy custom smart contracts.
- Go here for troubleshooting, support and Q&A.