
<h1 align="center"> Learn EVM Attacks </h1>

A collection of Foundry tests reproducing exploits, bug bounty reports, and theoretical vulnerabilities on EVM chains. Diagrams and context links accompany each attack reproduction to make it more helpful as a reference or study material for anyone trying to learn more about vulnerabilities in smart contract systems.

> [!IMPORTANT]
> Some tests need access to archive data as they require state from old blocks. If a test is failing, make sure to set up an archive node as the JSON-RPC URL in `foundry.toml`. Infura provides free access to archive data.

Want to take a quick look? Just go to a vulnerability folder (say, MBCToken). Read the README or jump ahead to running the reproduction on your computer! You only need Foundry installed.

```bash
$ git clone https://github.com/coinspect/learn-evm-attacks
$ cd learn-evm-attacks
$ forge install
$ forge test --match-contract Exploit_MBCToken -vvv
```

<h2 align="center"> Index </h2>

We now have 40 reproduced exploits. Of those 40, we have chosen a few in case you want to start studying up with some of the most interesting ones.

To run a specific exploit, you can just use:

```bash
forge test --match-contract Exploit_MBCToken -vvv
```

Vary the amount of verbosity (-v, -vv...) according to the data you want. -vvvv includes traces!

The full list is below:

Access Control

Bad Data Validation

Business Logic

Reentrancy

Bridges

<h2 align="center"> Contributing </h2>

To contribute, create a new file inside the most appropriate category. Use the `template.txt` file in the test folder, filling in the information related to the attack.

Utils that perform flashloans and swaps are provided in test/utils to ease the job of reproducing future attacks. Also, modules that provide enhanced features to Foundry are included in the test/modules folder.

The tests should pass if the attacker succeeded. For example, your `require`s should show that the attacker has more balance after the attack than before.

<h2 align="center"> Past work and further study </h2>

<h2 align="center"> Troubleshooting </h2>

The main reason tests fail is failures in the RPC providers we have set up as defaults. Please either:

If a reproduction is still failing (i.e., it reverts), try to: