ekmanss / damn-vuln-defi-foundry

Damn vulnerable defi solutions in foundry

Damn Vulnerable DeFi - Foundry Version ⚒️

Visit damnvulnerabledefi.xyz

Acknowledgement

Big thanks to Tincho, who created the first version of this game, and to all the fellows behind the Foundry Framework.

Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts.

Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space. 🕵️‍♂️

Pwned

  1. Unstoppable
  2. Naive receiver
  3. Truster
  4. Side entrance
  5. The rewarder
  6. Selfie
  7. Compromised
  8. Puppet
  9. Puppet v2
  10. Free rider
  11. Backdoor

Unpwned

  1. Climber

I almost did figure this one out, but due to less concentration couldn't crack it and time ran out (1 hour). _authorizeUpgrade didn't see the onlyOwner check on this.

Remaining

  1. Safe miners

Very excited about this one...

How To Play 🕹️

  1. Install Foundry

First run the command below to get foundryup, the Foundry toolchain installer:

curl -L https://foundry.paradigm.xyz | bash

Then, in a new terminal session or after reloading your PATH, run foundryup to get the latest forge and cast binaries:

foundryup

Advanced ways to use foundryup, and other documentation, can be found in the foundryup package.

  2. Clone This Repo and install dependencies

    git clone https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry.git
    cd damn-vulnerable-defi-foundry
    forge install

  3. Code your solutions in the provided [NAME_OF_THE_LEVEL].t.sol files (inside each level's folder in the test folder)
  4. Run your exploit for a challenge

    make [CONTRACT_LEVEL_NAME]

or

    ./run.sh [LEVEL_FOLDER_NAME]
    ./run.sh [CHALLENGE_NUMBER]
    ./run.sh [4_FIRST_LETTER_OF_NAME]

If the challenge is executed successfully, you've passed!🙌🙌

Tips and tricks ✨

  • In all challenges you must use the account called attacker. In Forge, you can use the cheat code prank or startPrank.
  • To code the solutions, you may need to refer to Forge docs.
  • In some cases, you may need to code and deploy custom smart contracts.
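
How the two cheat codes from the first tip differ in scope, shown as an added example that is not part of this repo's code. The CallerLog contract and the attacker address are constructed for illustration, and the test assumes the preinstalled forge-std exposes `vm` through `Test`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";

// Hypothetical target, constructed for this example: records who called it.
contract CallerLog {
    address public lastCaller;

    function ping() external {
        lastCaller = msg.sender;
    }
}

contract PrankScopeTest is Test {
    CallerLog internal log;
    // Constructed address standing in for a level's `attacker` account.
    address internal attacker = address(0xBEEF);

    function setUp() public {
        log = new CallerLog();
    }

    // vm.prank sets msg.sender for the very next call only. Any call placed
    // between vm.prank and the intended one (even a view call) consumes it.
    function testPrankAppliesToOneCall() public {
        vm.prank(attacker);
        log.ping();
        assertEq(log.lastCaller(), attacker);

        log.ping(); // no prank active: the sender is the test contract again
        assertEq(log.lastCaller(), address(this));
    }

    // vm.startPrank stays active until vm.stopPrank, which suits solutions
    // that need several calls in a row from the attacker account.
    function testStartPrankCoversSeveralCalls() public {
        vm.startPrank(attacker);
        log.ping();
        assertEq(log.lastCaller(), attacker);
        log.ping();
        assertEq(log.lastCaller(), attacker);
        vm.stopPrank();

        log.ping();
        assertEq(log.lastCaller(), address(this));
    }
}
```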

Preinstalled dependencies

ds-test for testing, forge-std for better cheatcode UX, and openzeppelin-contracts for contract implementations.

License:MIT License
