Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts.
Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space.
Each challenge can be considered standalone. Depending on the challenge, you should either stop the system from working, take as much funds as possible, or do some other unexpected things.
⚠️⚠️⚠️ Beware! You're seeing an old version of Damn Vulnerable DeFi. To play the most up-to-date version, click here
How to Hack
- Clone the repository
- Install dependencies with
- Code your solutions in the provided
*.challenge.jsfiles (inside each challenge's folder in the
- Run your exploit for a challenge with
npm run challenge-name. If the challenge is executed successfully, you've passed!
Tips and tricks
- In all challenges you must use the attacker account. That means all your transactions must include
- In some cases, you might need to use custom attacker contracts.
- To code the exploits, you might want to refer to the OpenZeppelin Test Helpers and Truffle Contracts docs
Were you able to solve all challenges ? Did you get stuck ? Have some feedback ?
Join the Discord server!