______ _ _ _ _ _ ______ ______ _
| _ \ | | | | | | | | | | | _ \ | ___(_)
| | | |__ _ _ __ ___ _ __ | | | |_ _| |_ __ ___ _ __ __ _| |__ | | ___ | | | |___| |_ _
| | | / _` | '_ ` _ \| '_ \ | | | | | | | | '_ \ / _ | '__/ _` | '_ \| |/ _ \ | | | / _ | _| | |
| |/ | (_| | | | | | | | | | \ \_/ | |_| | | | | | __| | | (_| | |_) | | __/ | |/ | __| | | |
|___/ \__,_______| |_|_| |_| \___/ \__,_|_|_| |_|\______ \__,_|_.___|_|\___| |___/ \___\_| |_|
| ___| | | | ___| | (_| | (_)
| |_ ___ _ _ _ __ __| |_ __ _ _ | |__ __| |_| |_ _ ___ _ __
| _/ _ \| | | | '_ \ / _` | '__| | | | | __|/ _` | | __| |/ _ \| '_ \
| || (_) | |_| | | | | (_| | | | |_| | | |__| (_| | | |_| | (_) | | | |
\_| \___/ \__,_|_| |_|\__,_|_| \__, | \____/\__,_|_|\__|_|\___/|_| |_|
__/ |
|___/
A set of challenges to learn offensive security of smart contracts in Ethereum.
This repository is a Foundry-based implementation of the original Damn Vulnerable DeFi project. The challenges feature flash loans, price oracles, governance, NFTs, lending pools, smart contract wallets, timelocks, and more!
This project is currently under development. Users should refer to the TODO list as any code not marked as complete has not been tested yet.
Visit damnvulnerabledefi.xyz to access the challenges.
This repository uses Foundry for running tests and interacting with smart contracts. Follow the instructions below to get started:
-
Clone the repository:
git clone https://github.com/EbiPenMan/foundry-damn-vulnerable-defi-v3 cd foundry-damn-vulnerable-defi-v3
-
Install dependencies:
bun install # install Solhint, Prettier, and other Node.js deps
- Code your solution in the *.t.sol file (inside each challenge's folder in the test folder)
- You only need to write your solution in the
_execution
method and run the test. - Run the challenge with
forge test --match-test test{challenge-name}
. If the test is executed successfully, you've passed!
- To code the solutions, you may need to read Foundry docs.
- In all challenges you must use the account called player. In
forge
, that may translate to using:
// Sets msg.sender to the `player` address for the next call.
vm.prank(player);
...
or
// Sets msg.sender for all subsequent calls until stopPrank is called.
vm.startPrank(player);
...
vm.stopPrank();
- Some challenges require you to code and deploy custom smart contracts that you can use this folder.
- Go here for troubleshooting, support and Q&A.
- If you have any problem with
converted Foundry
scripts, You can create issue in this repo.
To run the specefic tests, use the following command:
forge test --match-test testUnstoppable
To run the all tests, use the following command:
forge test
- 1: Unstoppable
- 2: Naive receiver
- 3: Truster
- 4: Side Entrance
- 5: The Rewarder
- 6: Selfie
- 7: Compromised
- 8: Puppet V1
- 9: Puppet V2
- 10: Free Rider
- 11: Backdoor
- 12: Climber
- 13: Wallet Mining
- 14: Puppet V3
- 15: ABI Smuggling
All Solidity code, practices, and patterns in this repository are DAMN VULNERABLE and for educational purposes only.
Please note that the conversion of tests from Hardhat to Foundry and the update of dependencies may contain errors.