It was the year 1964 when a young economist, Stefan Mandel, won 72,783 leu from a Romanian state lottery. There are many similar stores where a really lucky player got a once in a lifetime win only to be never heard from again. Except, Stefan went on to win a…
Automated Market Makers (AMMs) like Uniswap provide many essential services to the DeFi ecosystem including on-chain price feeds. These price oracles are used by lending, derivatives, stable coins, and other applications. Unfortunately, it is possible to manipulate these price feeds which resulted in several multi-million dollar hacks.
In the next…
Oracles play a critical role in many DeFi applications where they are used to correctly report asset prices and other data. As evident by many incidents such as Cheese Bank and Warp Finance, any oracle price manipulations can lead to multi-million losses. …
Last month, ETHworks put together a really fun smart contract contest where players competed to solve all the clues and unlock a 7 ETH reward. While I did not win, I had an absolute blast participating in it and wanted to share my notes in case you want to learn…
The next challenge in the series teaches us about dangers of mixing flash loans and governance systems:
A new cool lending pool has launched! It's now offering flash loans of DVT tokens.Wow, and it even includes a really fancy governance mechanism to control it.What could go wrong, right…
Let’s continue our journey of learning about vulnerable DeFi applications. The next exercise, the-rewarder, challenges us to cheat at getting all of the rewards in a stripped down liquidity pool app:
There's a pool offering rewards in tokens every 5 days for those who deposit their DVT tokens into it.…
The next puzzle in the series continues challenging players to empty DeFi lending pool through any means necessary. Here is the challenge:
A surprisingly simple lending pool allows anyone to deposit ETH, and withdraw it at any point in time.This very simple lending pool has 1000 ETH in balance…
Let’s dive into the next challenge called Truster in the OpenZeppelin’s fun wargame:
More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free.Currently the pool has 1 million DVT tokens in balance…
Continuing our exploration of the Damn Vulnerable DeFi wargame, the next puzzle is called Naive receiver. It challenges players to drain a DeFi user’s account:
There's a lending pool offering quite expensive flash loans of Ether, which has 1000 ETH in balance.You also see that a user has deployed…
Damn Vulnerable DeFi is an Ethereum smart contract wargame developed by @tinchoabbate from OpenZeppelin. The competition includes 8 unique challenges educating players about various DeFi vulnerabilities.
In this article, I will share basic set up steps to get you started on the challenges and go over the first challenge.
Wargame Setup
To…
Peter Kacherginsky
Blockchain Security, Malware Analysis, Incident Response, Pentesting, BlockThreat.net
