Visit damnvulnerabledefi.xyz
Big thanks to Tincho who created the first version of this game and to all the fellows behind the Foundry Framework
Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts.
Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space. 🕵️♂️
- Install Foundry
First run the command below to get foundryup, the Foundry toolchain installer:
curl -L https://foundry.paradigm.xyz | bash
Then, in a new terminal session or after reloading your PATH, run it to get the latest forge and cast binaries:
foundryup
Advanced ways to use foundryup
, and other documentation, can be found in the foundryup package
- Clone This Repo and install dependencies
git clone https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry.git
cd damn-vulnerable-defi-foundry
git submodule update --init --recursive
yarn install
- Code your solutions in the provided
[NAME_OF_THE_LEVEL].t.sol
files (inside each level's folder in the test folder) - Run your exploit for a challenge
forge test --match-test [NAME_OF_THE_TEST_WITH_YOUR_SOLUTION] --match-contract [CONTRACT_LEVEL_NAME]
or
./run.sh [LEVEL_FOLDER_NAME]
./run.sh [CHALLENGE_NUMBER]
./run.sh [4_FIRST_LETTER_OF_NAME]
If the challenge is executed successfully, you've passed!🙌🙌
- In all challenges you must use the account called attacker. In Forge, you can use the cheat code
prank
orstartPrank
. - To code the solutions, you may need to refer to Forge docs.
- In some cases, you may need to code and deploy custom smart contracts.
ds-test
for testing, forge-std
for better cheatcode UX, and openzeppelin-contracts
for contract implementations.