
Proof of Concept (PoC) codes for various web3 hacks, as well as exploring the potential of alternative attack scenarios.

Primary language: Solidity

Web3Hack

Welcome to the Web3Hack project! In this repository, I will be sharing my Proof of Concept (PoC) code for various web3 hacks, as well as exploring the potential of alternative attack scenarios. This project will be regularly updated with new code and insights, so be sure to check back often for the latest updates.

Project Overview

This project is focused on exploring the security aspects of web3 applications and decentralized systems. By sharing PoC code and discussing potential attack vectors, I aim to contribute to the community's understanding of security challenges in the web3 space.

How to Use

To explore the contents of this project:

  1. Browse the Code: Take a look at the PoC code provided in the repository. Keep in mind that these are demonstrations of potential vulnerabilities – do not use them maliciously.

  2. Explore Attack Scenarios: Check out the discussions on alternative attack scenarios. This will give you a broader perspective on web3 security challenges.

  3. Read the Writeups: For a comprehensive understanding of each hack, read the detailed writeups available on my blog. These writeups provide insights into the attack methods and suggest ways to protect against them.

List of Past Web3 Hacks:

Here are some of the past web3 hacks I've explored:

20230905_FloorDAO

Test

forge test --contracts ./src/test/20230905_FloorDAO_exp.sol -vvv

EXP

original_exp

optimized_exp_2

optimized_exp_3

optimized_exp_4

Writeup

[Web3 Hack Writeup Series - 2] The Flashloan's fault( 20230905_FloorDAO )

20230809_EarningFarm

Test

forge test --contracts ./src/test/20230809_EarningFarm_exp.sol -vvv

EXP

original_exp

optimized_exp_2

optimized_exp_3

optimized_exp_4

Writeup

[Web3 Hack Writeup Series - 1] A special reentrancy of Earning.Farm at 20230809

Contributions

I welcome contributions from the community to enhance the project. If you have suggestions for new attack scenarios, improvements to the PoC code, or additional insights, feel free to submit a pull request. Let's work together to make the web3 space more secure!

Special Thanks

I would like to express my sincere gratitude to DeFiHackLabs for providing a wealth of web3 security learning resources.

Disclaimer

This project is purely for educational and research purposes. The PoC code and discussions provided here should not be used for any malicious activities. I am not responsible for any misuse of the information presented in this repository.

Connect with Me

For more details, in-depth writeups, and discussions, visit my blog.

Feel free to reach out to me through Twitter for any questions, feedback, or collaboration opportunities.

Happy hacking and stay curious!