Test using, forge test --mp test/<challenge-name>/<ChallengeName>.t.sol

Lazy? Okay, wait..!!,

1. Unstoppable: forge test --mp test/unstoppable/Unstoppable.t.sol
2. Naive receiver: forge test --mp test/naive-receiver/NaiveReceiver.t.sol
3. Truster: forge test --mp test/truster/Truster.t.sol
4. Side Entrance: forge test --mp test/side-entrance/SideEntrance.t.sol
5. The Rewarder: forge test --mp test/the-rewarder/TheRewarder.t.sol
6. Selfie: forge test --mp test/selfie/Selfie.t.sol
7. Compromised: forge test --mp test/compromised/Compromised.t.sol
8. Puppet: forge test --mp test/puppet/Puppet.t.sol
9. Puppet V2: forge test --mp test/puppet-v2/PuppetV2.t.sol
10. Free Rider: forge test --mp test/free-rider/FreeRider.t.sol
11. Backdoor: forge test --mp test/backdoor/Backdoor.t.sol
12. Climber: forge test --mp test/climber/Climber.t.sol
13. Wallet Mining: forge test --mp test/wallet-mining/WalletMining.t.sol
14. Puppet V3: forge test --mp test/puppet-v3/PuppetV3.t.sol
15. ABI Smuggling: forge test --mp test/abi-smuggling/ABISmuggling.t.sol
16. Shards: forge test --mp test/shards/Shards.t.sol
17. Curvy Puppet: forge test --mp test/curvy-puppet/CurvyPuppet.t.sol
18. Withdrawal: forge test --mp test/withdrawal/Withdrawal.t.sol

Damn Vulnerable DeFi

Damn Vulnerable DeFi is the smart contract security playground for developers, security researchers and educators.

Perhaps the most sophisticated vulnerable set of Solidity smart contracts ever witnessed, it features flashloans, price oracles, governance, NFTs, DEXs, lending pools, smart contract wallets, timelocks, vaults, meta-transactions, token distributions, upgradeability and more.

Use Damn Vulnerable DeFi to:

• Sharpen your auditing and bug-hunting skills.
• Learn how to detect, test and fix flaws in realistic scenarios to become a security-minded developer.
• Benchmark smart contract security tooling.
• Create educational content on smart contract security with articles, tutorials, talks, courses, workshops, trainings, CTFs, etc.

Install

1. Clone the repository.
2. Checkout the latest release (for example, git checkout v4.0.0)
3. Rename the .env.sample file to .env and add a valid RPC URL. This is only needed for the challenges that fork mainnet state.
4. Either install Foundry, or use the provided devcontainer (In VSCode, open the repository as a devcontainer with the command "Devcontainer: Open Folder in Container...")
5. Run forge build to initialize the project.

Usage

Each challenge is made up of:

• A prompt located in src/<challenge-name>/README.md.
• A set of contracts located in src/<challenge-name>/.
• A Foundry test located in test/<challenge-name>/<ChallengeName>.t.sol.

To solve a challenge:

1. Read the challenge's prompt.
2. Uncover the flaw(s) in the challenge's smart contracts.
3. Code your solution in the corresponding test file.
4. Try your solution with forge test --mp test/<challenge-name>/<ChallengeName>.t.sol. If the test passes, you've solved the challenge!

Challenges may have more than one possible solution.

Rules

• You must always use the player account.
• You must not modify the challenges' initial nor final conditions.
• You can code and deploy your own smart contracts.
• You can use Foundry's cheatcodes to advance time when necessary.
• You can import external libraries that aren't installed, although it shouldn't be necessary.

Troubleshooting

You can ask the community for help in the discussions section.

Disclaimer

All code, practices and patterns in this repository are DAMN VULNERABLE and for educational purposes only.

DO NOT USE IN PRODUCTION.