This is a side project I work on when I'm bored — a collection of Damn Vulnerable DeFi challenges (Damn Vuln DeFi). I take notes as I work through each challenge, so if you're interested, feel free to check them out!
| # | Name | Done | My Own Comments | Notes Link |
|---|---|---|---|---|
| 1 | Unstoppable | ✅ | funny lil' one | Notes |
| 2 | Naive receiver | ✅ | not as easy as you'd expect for a second challenge, wtf | Notes |
| 3 | Truster | ✅ | thinkin' weird ain't always the move lolz | Notes |
| 4 | Side Entrance | ✅ | classic lil' trick but still funny | Notes |
| 5 | The Rewarder | ✅ | couldn't be bothered to read all the code, so I built a fuzzer to find the vuln for me lolz | Notes |
| 6 | Selfie | ✅ | easy but kinda fun imo | Notes |
| 7 | Compromised | ✅ | felt like in CTF (not hard tbh but cool one) | Notes |
| 8 | Puppet | ✅ | cool AMM setup | Notes |
| 9 | Puppet V2 | ✅ | a bit more realistic AMM (nice one tbh) | Notes |
| 10 | Free Rider | ✅ | ngl, hopin’ this doesn’t actually come up in a real-life contract (at least, this is a free-bounty) | Notes |
| 11 | Backdoor | ✅ | Woooow that IS a stylish one, the audit inspiration is sooo 🥵 | Notes |
| 12 | Climber | ✅ | tasty one, just a clean stack of calls, all wrapped into a smooth one-shot. Liked it | Notes |
| 13 | Wallet Mining | |||
| 14 | Puppet V3 | |||
| 15 | ABI Smuggling | |||
| 16 | Shards | |||
| 17 | Curvy Puppet | |||
| 18 | Withdrawal |
Check out WHATISDAMNVULNDEFI.md
For the lazy ones:
Here's the Website
Damn Vulnerable DeFi is the smart contract security playground for developers, security researchers and educators.
- You must always use the
playeraccount.- You must not modify the challenges' initial nor final conditions.
- You can code and deploy your own smart contracts.
- You can use Foundry's cheatcodes to advance time when necessary.
- You can import external libraries that aren't installed, although it shouldn't be necessary.