DeFiVulnLabs

This was an internal Web3 Solidity security training at XREX. I want to share these materials with everyone interested in Web3 security and in how to find vulnerabilities in code and exploit them. Every vulnerability test uses Foundry. Faster and easier!

Currently supports 47 types of vulnerabilities. It compiles with Solidity 0.8.18, except for cases such as overflow and underflow, where an older Solidity version is needed to reproduce the bug.

Disclaimer: This content serves solely as a proof of concept showcasing Solidity common bugs. It is strictly intended for educational purposes and should not be interpreted as encouraging or endorsing any form of illegal activities or actual hacking attempts. The provided information is for informational and learning purposes only, and any actions taken based on this content are solely the responsibility of the individual. The usage of this information should adhere to applicable laws, regulations, and ethical standards.

DeFiVulnLabs Solidity Security Testing Guide

Getting Started

Who Supports Us? DeFiHackLabs Received Grant From

gcc PM

Donate to us

If you appreciate our work, please consider donating. Even a small amount helps us continue developing and improving our projects, and promoting web3 security.

List of vulnerabilities

Bug Reproduce

20220714 Sherlock Yield Strategy Bug - Cross-protocol Reentrancy

Bounty: $250K POC | Reference

20220623 Sense Finance - Access control

Missing access control in onSwap()

Bounty: $50,000

Testing

forge test --contracts ./src/test/SenseFinance_exp.sol -vv 

Link reference

https://medium.com/immunefi/sense-finance-access-control-issue-bugfix-review-32e0c806b1a0

Spot the bug challenge

Link reference