Visit damnvulnerabledefi.xyz
Big thanks to Tincho who created the first version of this game and to all the fellows behind the Foundry Framework
Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts.
Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space. 🕵️♂️
The solution and explanation of the solution of each level is provided in the test files of each level.
This can be accessed in /test/Levels
- Unstoppable
- Naive receiver
- Truster
- Side Entrance
- The Rewarder
- Selfie
- Compromised
- Puppet
- Puppet V2
- Free Rider
- Backdoor
- Climber
- Wallet Mining
- Puppet V3
- ABI Smuggling
- Install Foundry
First run the command below to get foundryup, the Foundry toolchain installer:
curl -L https://foundry.paradigm.xyz | bashThen, in a new terminal session or after reloading your PATH, run it to get the latest forge and cast binaries:
foundryup- Clone This Repo and install dependencies
git clone https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry.git
cd damn-vulnerable-defi-foundry
forge install
- Code your solutions in the provided
[NAME_OF_THE_LEVEL].t.solfiles (inside each level's folder in the test folder) - Run your exploit for a challenge
make [CONTRACT_LEVEL_NAME]
or
./run.sh [LEVEL_FOLDER_NAME]
./run.sh [CHALLENGE_NUMBER]
./run.sh [4_FIRST_LETTER_OF_NAME]
If the challenge is executed successfully, you've passed!🙌🙌
- In all challenges you must use the account called attacker. In Forge, you can use the cheat code
prankorstartPrank. - To code the solutions, you may need to refer to the Foundry Book.
- In some cases, you may need to code and deploy custom smart contracts.
ds-test for testing, forge-std for better cheatcode UX, and openzeppelin-contracts for contract implementations.