Welcome to the Immunefi PoC Templates repository! Here, you'll find reusable and easily modifiable Proof of Concept (PoC) examples for various Ethereum Virtual Machine (EVM) based vulnerabilities. Clone the branch corresponding to the chosen attack template. The aim is to enhance bug reporting quality and provide whitehat hackers with efficient tools to create PoCs and validate their findings quickly. These templates are intended for testing proof of concepts in local forks for submission to bug bounty programs. Any other use is explicitly prohibited.
To utilize this repository, you need to have Foundry installed. Check out the installation guide for Foundry.
- Initialize Forge Repository: Start by initializing a forge repository with the desired attack template. Use the command below, replacing `[template]` with the chosen template from the Template Categories:

  ```
  forge init --template immunefi-team/forge-poc-templates --branch [template]
  ```

- Download Contract Interfaces: Obtain contract interfaces either by creating your own or using Foundry's tools:
  - Create Interface Automatically: Use Foundry's `cast interface` command line tool to automatically generate interfaces based on contract ABIs.

    ```
    cast interface [address] -o src/external/interfaces/IExample.sol -n IExample
    ```

  - Download Entire Source Code: Alternatively, download entire contract source codes using the `cast etherscan-source` command line tool.

    ```
    cast etherscan-source [address] -d src/external
    ```

- Write the Test: Import your attack contract into `PoCTest.sol` and modify the `setUp()` function to replicate necessary attack preconditions. Execute the attack in the `testAttack()` function.

  The test should extend the `PoC` contract, which introduces functionality to automatically snapshot and print account balances before and after a test.

  Use the modifier `snapshot(address account, IERC20[] tokens)` on the `test*` function to automatically print information such as pre-attack balances, post-attack balances, and profit. Passing a token with `address(0x0)` corresponds to the native token of the chain.
To run a test, execute the following command in the console:

```
forge test -vv --match-path test/[test_name]
```
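How a balance-snapshot modifier of the kind described in the "Write the Test" step can work, as an added example that is not the repository's `PoC` contract. `BalanceSnapshot`, `IERC20Like`, `SnapshotDemoTest` and the dealt amounts are hypothetical; the modifier takes plain token addresses instead of `IERC20[]` and depends only on forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {Test, console} from "forge-std/Test.sol";

// Local balance-read interface (assumption; the templates use IERC20).
interface IERC20Like {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical stand-in for the templates' PoC base contract.
abstract contract BalanceSnapshot is Test {
    // address(0) in the token list selects the chain's native token.
    function _balance(address account, address token) internal view returns (uint256) {
        return token == address(0) ? account.balance : IERC20Like(token).balanceOf(account);
    }

    modifier snapshot(address account, address[] memory tokens) {
        uint256[] memory pre = new uint256[](tokens.length);
        for (uint256 i; i < tokens.length; ++i) pre[i] = _balance(account, tokens[i]);
        _; // the test body (the attack) runs here
        for (uint256 i; i < tokens.length; ++i) {
            uint256 post = _balance(account, tokens[i]);
            console.log("token", tokens[i]);
            console.log("  pre-attack ", pre[i]);
            console.log("  post-attack", post);
            // Signed delta, so a loss prints as negative instead of reverting.
            console.logInt(int256(post) - int256(pre[i]));
        }
    }
}

contract SnapshotDemoTest is BalanceSnapshot {
    address[] internal tracked;

    function setUp() public {
        tracked.push(address(0)); // track the native token
        vm.deal(address(this), 1 ether); // constructed precondition
    }

    function testAttack() public snapshot(address(this), tracked) {
        // Placeholder for the attack call: the account ends with 1.5 ether.
        vm.deal(address(this), 1.5 ether);
    }
}
```

Run it with `forge test -vv` so the console output is displayed; the last number printed per token is the profit in the token's smallest unit.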
Explore various vulnerability categories along with their respective branches, source codes, and documentation in the table below:
| Categorization | Branch | Source | Documentation |
|---|---|---|---|
| Default | default | | |
| Reentrancy | reentrancy | Source | Readme |
| Flash Loan | flash_loan | Source | Readme |
| Price Manipulation | price_manipulation | Source | Readme |
| Boilerplate Mocks | mocks | Source | Readme |
| Oracle Mocks | oracles | Source | Readme |
| Sandwich Attacks | sandwich | | |
Refer to the Foundry documentation for a comprehensive understanding of the tooling.
Explore PoCs contributed by our community members:
- Hundred Finance Hack by @hephyrius
- Omni Protocol Hack by @realgmhacker
- Euler Exploit PoC by @iphelix
- DFX Finance Bugfix Review by @unsafe_call
We sincerely appreciate contributions to Immunefi's templates. Please review the contribution guidelines and code of conduct to ensure your contributions are merged as soon as possible.
Showcasing the contributors behind this project:
- @unsafe_call
- @Omikomikomik
- @ArbazKiraak
- @AdrianHetman
- @Pep1nn
- @realgmhacker
- @_iphelix
- 0xlead
- @infosec_us_team
For any queries or concerns, please don't hesitate to raise them at our GitHub issues.
Finally, if you're eager to collaborate and searching for beginner-friendly tasks, explore the issues labeled as "Good first issue".
Thank you for your time and contributions! 🙌