Web3 Exploit Playground

Solidity Foundry Security 🚨 The Elevator Pitch

A Proof-of-Concept (PoC) repository demonstrating how to identify, exploit, and verify critical smart contract vulnerabilities. Built using Foundry to simulate real-world exploit scenarios seen on bug bounty platforms like Immunefi and Code4rena.

🧠 Why I Built It

Talking about "Reentrancy" in a blog post is easy. Actually writing the attacker contract, managing the state flow, and watching a vault get drained in a single transaction is how you truly learn. As a Web3 Security Researcher, I built this to practice offensive security. You cannot secure a protocol if you don't know how to break it. 💀 Exploit 1: The Reentrancy Attack (The DAO Hack)

The most infamous hack in Ethereum history.

The Flaw: The Vault contract updates the user's balance after sending the ETH (External call before state update).
The Weapon: The Attacker contract deposits 1 ETH, calls withdraw(), and when the Vault sends the ETH, the Attacker's receive() function triggers, recursively calling withdraw() again before the Vault can update the balance.
The Result: The attacker drains 10 ETH from the vault in a single transaction.

🛠️ Tech Stack

Language: Solidity 0.8.19
Framework: Foundry (Forge for testing, Anvil for local forks)
Methodology: Offensive Security PoC Development

🎥 The Proof (Run it yourself)

Clone the repo and run the exploit test to watch the logs in real-time:

git clone https://github.com/Aman-776/web3-exploit-playground.gitcd web3-exploit-playgroundforge installforge test -vvv

Watch the console output: Vault drops from 10 ETH to 0 ETH in 1ms. 📫 Contact

Built by Amanuel | Full-Stack Vibe Coder & Web3 Security Researcher