Ethereum is an open-source project, so naturally, the people of the community submit their proposals in the form of EIP (Ethereum Improvement Proposal) for possible improvements to be implemented in the Ethereum Protocol. If these improvements are related to token standards like ERC (Ethereum Request for Comment) etc., …

Link to the challenge -> https://www.damnvulnerabledefi.xyz/challenges/12.html GitHub Repo -> https://github.com/zzzuhaibmohd/damn-vulnerable-defi-solutions The Challenge Your goal is to empty the vault. HINT: OPENZEPPELIN UPGADABLE CONTRACTS The ClimberVault.sol is a timelock contract and the owner can withdraw only limited amount of funds. There is an additional role called sweeper who can withdraw all the funds…

Before we understand the difference between PoW and PoS, let's understand what does consensus mean? What is Consensus? Imagine there are 10 friends and you plan on watching a movie but there are two movies to choose from and you can only watch one. So the best method one can agree on is…

In Solidity, there are three ways in which one can send ether. Namely transfer(), send() and call(). In this article, let us discuss how each function call works and which is the best one to use. transfer vs send vs call transfer -> the receiving smart contract should have a fallback function defined or else…

The CTF covers some of the common smart contract vulnerabilities one must be aware of as a developer or an auditor. Before we jump into the challenges, Let’s just understand what concepts we must be aware of, that can be helpful in solving these challenges. https://github.com/zzzuhaibmohd/DeFi-Security-Summit-Stanford-CTF ERC20 Approval The ERC20 approve grants…

Recently I completed the Ethernaut Challenge Puzzle Wallet and MotorBike which implemented two different proxy patterns for upgradeable contracts. I wanted to take a deep dive and understand more about the good and bad of each of them. Hence the post to document my learning. Aren't smart contracts immutable? I was of the opinion…

The challenge is about understanding proxy pattern and storage variables in upgradable proxy contracts. Click here to access the source code. Investigation We have an Admin contract which contains the update logic and an Logic contract that contains the actual implementation. This can also be refereed to as Transparent Proxy…

This challenge is an extension to the previous level, the challenge covers a bit of assembly basics and other solidity programming concepts. Click here to access the source code. Investigation To complete the challenge we need to pass three gates gateOne, gateTwo and gateThree which are modifiers and get the…