More and more DeFi projects on Ethereum are getting hacked. This is your chance to join the party.
Challenges
Each challenge can be considered standalone. Depending on the challenge, you should either stop the system from working, steal as much funds as you can, or do some other unexpected things.
| # | Name | |
|---|---|---|
| 1 | Unstoppable | |
| 2 | Naive receiver | |
| 3 | Truster | |
| 4 | Side entrance | |
| 5 | The rewarder | |
| 6 | Selfie | |
| 7 | Compromised | |
| 8 | Puppet |
How to Hack
- Clone the repository
- Install dependencies with
npm install - Code your solutions in the provided
*.challenge.jsfiles (inside each challenge's folder in thetestfolder) - Run your exploit for a challenge with
npm run challenge-name. If the challenge is executed successfully, you've passed!
Tips and tricks
- In all challenges you must use the attacker account. That means all your transactions must include
{from: attacker} - In some cases, you might need to use custom attacker contracts.
- To code the exploits, you might want to refer to the OpenZeppelin Test Helpers and Truffle Contracts docs
Participate
Were you able to exploit everything ? Did you get stuck ? Want more challenges ?
Join the Discord server!