Damn Vulnerable DeFi V3 Solutions
The v3.0.0-solutions branch of this repository contains my solutions to the Damn Vulnerable DeFi V3 challenges. All solutions have a JavaScript part located in the test folder. Some of them also include an attacker smart contract at contracts/player-contracts. There are decent walkthroughs available for the previous version of Damn Vulnerable DeFi (e.g. this one by 0xJuancito), so I will write here only about the new stuff. However, there are comments in the code for all the problems.
Table of Contents
- Unstoppable
- Naive receiver
- Truster
- Side Entrance
- The Rewarder
- Selfie
- Compromised
- Puppet
- Puppet V2
- Free Rider
- Backdoor
- Climber
- Wallet Mining
- Puppet V3
- ABI Smuggling
1. Unstoppable
no significant changes in the solution since V2
Javascript: test/unstoppable/unstoppable.challenge.js
2. Naive receiver
no significant changes in the solution since V2
Javascript: test/naive-receiver/naive-receiver.challenge.js
3. Truster
no significant changes in the solution since V2
Javascript: test/truster/truster.challenge.js
4. Side Entrance
no significant changes in the solution since V2
Javascript: test/side-entrance/side-entrance.challenge.js
Attacker smart contract: contracts/player-contracts/SideEntranceAttacker.sol
5. The Rewarder
no significant changes in the solution since V2
Javascript: test/the-rewarder/the-rewarder.challenge.js
Attacker smart contract: contracts/player-contracts/TheRewarderAttacker.sol
6. Selfie
no significant changes in the solution since V2
Javascript: test/selfie/selfie.challenge.js
Attacker smart contract: contracts/player-contracts/SelfieAttacker.sol
7. Compromised
no significant changes in the solution since V2
Javascript: test/compromised/compromised.challenge.js
8. Puppet
In V3, the Puppet challenge can be solved in one transaction since the token used in the challenge is now compliant with the ERC-2612 standard. This standard introduces a permit function that enables users to change the allowance at the token on behalf of someone else using a precooked signature. Therefore, an extra transaction to call approve is not needed.
Javascript: test/puppet/puppet.challenge.js
Attacker smart contract: contracts/player-contracts/PuppetAttacker.sol
9. Puppet V2
no significant changes in the solution since V2
Javascript: test/puppet-v2/puppet-v2.challenge.js
Attacker smart contract: contracts/player-contracts/PuppetV2Attacker.sol
10. Free Rider
no significant changes in the solution since V2
Javascript: test/free-rider/free-rider.challenge.js
Attacker smart contract: contracts/player-contracts/FreeRiderAttacker.sol
11. Backdoor
no significant changes in the solution since V2
Javascript: test/backdoor/backdoor.challenge.js
Attacker smart contract: contracts/player-contracts/BackdoorAttacker.sol
12. Climber
no significant changes in the solution since V2
Javascript: test/climber/climber.challenge.js
Attacker smart contract: contracts/player-contracts/ClimberAttacker.sol
13. Wallet Mining
A good walkthrough for the Wallet Mining challenge is available on Medium by @bowenzby.
This challenge is a replay attack that is similar to what happened on Optimism. If you’re tempted to read the solution, I advise you to read that story first and try again.
You will need to enter a Mainnet RPC URL into the wallet-mining.challenge.js file.
Javascript: test/wallet-mining/wallet-mining.challenge.js
Attacker smart contract: contracts/player-contracts/WalletMiningAttacker.sol
14. Puppet V3
This is a price manipultation attack similar to the previous Puppets. The main difference is that the price is time averaged, so it is necessary to wait a little after selling the tokens.
You will need to enter a Mainnet RPC URL into the puppet-v3.challenge.js file.
Javascript: test/puppet-v3/puppet-v3.challenge.js
Attacker smart contract: contracts/player-contracts/PuppetV3Attacker.sol
15. ABI Smuggling
There is a very good walkthrough on Medium by @mattaereal.
Javascript: test/abi-smuggling/abi-smuggling.challenge.js
Disclaimer
All Solidity code, practices and patterns in this repository are DAMN VULNERABLE and for educational purposes only.
DO NOT USE IN PRODUCTION.