Damn Vulnerable DeFi — Setup and Challenge #1 Walkthrough

Peter Kacherginsky
Nov 14, 2020

Damn Vulnerable DeFi is an Ethereum smart contract wargame developed by @tinchoabbate from OpenZeppelin. The competition includes 8 unique challenges educating players about various DeFi vulnerabilities.

In this article, I will share basic setup steps to get you started on the challenges and go over the first challenge.

Wargame Setup

To begin playing the wargame, you first have to set up your local environment. Start by cloning the challenges repository from GitHub and installing the Node dependencies:

% git clone https://github.com/OpenZeppelin/damn-vulnerable-defi.git
% cd damn-vulnerable-defi
% npm install

Once you install all of the dependencies you can test the environment by listing available challenges as follows:

If you run into issues with the Node setup, try reinstalling it or updating packages by running npm update.

The wargame is designed to run completely on users’ local machines using OpenZeppelin Test Helpers. For every challenge, you will run the respective *.challenge.js file, which simulates contract deployment and attacker actions. For example, to run the first challenge, Unstoppable, you would execute the test/unstoppable/unstoppable.challenge.js test file by running the following command:

% npm run unstoppable

Solutions will need to be added to the above challenge file to make it satisfy the required condition.

At this point, we should have all of the necessary tools to begin playing Damn Vulnerable DeFi!

SPOILER ALERT: The walkthroughs below include complete solutions to all of the challenges. You may want to stop reading here if you would like to solve these yourself.

Challenge #1 — Unstoppable

The first challenge invites players to stop a DeFi lending contract from making any future loans:
