Today is a big day for us. We're releasing Damn Vulnerable DeFi v4 🥳

What's Damn Vulnerable DeFi?

Damn Vulnerable DeFi is a forever-free educational resource to train developers and security researchers who want to dive into smart contract security.

It's a true public good for the security community, with no paywalls, logins, or business model.

People use Damn Vulnerable DeFi to:

  • Sharpen their auditing and bug-hunting skills.
  • Learn how to detect, test and fix flaws in realistic scenarios to become a security-minded developer.
  • Benchmark smart contract security tooling.
  • Create educational content on smart contract security with articles, tutorials, talks, courses, workshops, trainings, CTFs, etc.

This new version of the beloved smart contract security challenges is packed with updates all around.

What's in V4?

  • Full migration from Hardhat to Foundry.
  • Updated all dependencies to the latest versions (e.g., OpenZeppelin Contracts v5), and all contracts to Solidity 0.8.25.
  • Four brand new challenges: Curvy Puppet, Shards, Withdrawal and The Rewarder. Yes yes, the last one already existed, but has been completely reworked!
  • Introduction of fancy stuff like multicalls, meta-transactions, permit2, Merkle proofs, and ERC1155.
  • Modernized all existing challenges. Your past solutions might not work anymore.
  • All challenges now require players to deposit funds into designated recovery accounts (ever heard of SEAL's Safe Harbor?)
  • Various quality-of-life changes, including improvements in errors, events, code organization, variable names, documentation, and optimizations.

Read more comments and details about the changes in the full release announcement:

Releasing Damn Vulnerable DeFi V4
Damn Vulnerable DeFi V4 is out!

And share your love on X: