Blockchain Security
Blockchain challenges put you on the attacker's side of a deployed smart contract. Once a contract is on-chain its bytecode is public and immutable, so a single logic flaw can drain every token it holds. You'll learn to read Solidity, reason about contract state and ownership, and interact with a live testnet to call functions, watch the mempool, and trigger the classic vulnerability classes that have cost real protocols hundreds of millions of dollars.
- Step 01
Access Control and Ownership
Most contracts gate sensitive actions behind an owner address, but the checks are only as strong as the code that sets them. When ownership transfer logic is missing a modifier, trusts tx.origin, or exposes an initializer anyone can call, an attacker can simply claim ownership and unlock everything. This is the most common real-world smart contract bug, so it's the right place to start.
- Step 02
Integer Overflow and Arithmetic Bugs
Solidity tracks balances with fixed-width uint256 math. In older compilers, or anywhere SafeMath is skipped, subtracting past zero wraps around to a huge number, letting you mint balance out of thin air and drain the contract. Learning to spot unchecked arithmetic teaches you why modern Solidity reverts on overflow by default and how to attack code that opts out.
- Step 03
Reentrancy
Reentrancy is the bug behind the infamous DAO hack. When a contract sends Ether before it updates its internal accounting, the receiving contract's fallback function can call back in and withdraw again, and again, before the balance is ever decremented. You'll write a malicious contract that recursively drains a vault to zero and internalize the checks-effects-interactions pattern that prevents it.
- Step 04
Mempool and Front-Running
On a public blockchain every pending transaction sits in the mempool in plaintext before it is mined. If a contract rewards whoever submits a secret first, an attacker watching the mempool can copy that value and resubmit it with a higher gas price to get mined first. This challenge teaches you transaction ordering, gas auctions, and why commit-reveal schemes exist.
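The commit-reveal defense named in Step 04, as an added example that is not part of the original page: a Python model (not Solidity) of a reward contract whose commitment binds the secret to the sender, so a value copied from the mempool pays nobody else. SHA-256 stands in for keccak256, and the class, function and address names are hypothetical.

```python
import hashlib
import secrets


def commitment(sender: str, secret: bytes, salt: bytes) -> bytes:
    """Hash binding the secret to one sender. SHA-256 stands in for keccak256 (assumption)."""
    # Length-prefix each field so different (sender, secret, salt) splits cannot collide.
    parts = [sender.encode(), secret, salt]
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(data).digest()


class CommitRevealReward:
    """Hypothetical model of a 'first to submit the secret wins' contract."""

    def __init__(self, answer_hash: bytes):
        self.answer_hash = answer_hash
        self.commits = {}   # sender -> (commitment, block number)
        self.winner = None

    def commit(self, sender: str, c: bytes, block: int) -> None:
        # Phase 1: only an opaque hash is visible in the mempool.
        self.commits.setdefault(sender, (c, block))

    def reveal(self, sender: str, secret: bytes, salt: bytes, block: int) -> bool:
        # Phase 2: the secret is public now, but it only pays the sender
        # who committed to it in an earlier block.
        entry = self.commits.get(sender)
        if self.winner is not None or entry is None:
            return False
        c, committed_at = entry
        if block <= committed_at or c != commitment(sender, secret, salt):
            return False
        if hashlib.sha256(secret).digest() != self.answer_hash:
            return False
        self.winner = sender
        return True


def simulate() -> dict:
    """Constructed scenario: 0xB0B copies 0xA11CE's reveal and outbids it on gas."""
    secret, salt = b"constructed-secret", secrets.token_bytes(32)
    game = CommitRevealReward(hashlib.sha256(secret).digest())
    game.commit("0xA11CE", commitment("0xA11CE", secret, salt), block=10)
    # Block 12 ordering: the copied transaction is mined first.
    copied = game.reveal("0xB0B", secret, salt, block=12)
    honest = game.reveal("0xA11CE", secret, salt, block=12)
    return {"copied": copied, "honest": honest, "winner": game.winner}
```

Replaying the committer's hash under another address fails as well, because the sender is part of the hashed data.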