Exploiting delegatecall forwarding to hijack smart contract ownership. Learn how delegatecall preserves transaction context and storage layouts to execute arbitrary code.
Exploiting fixed fees and identity spoofing. Learn how to drain a user’s balance through forced flash loans and hijack admin privileges via meta-transactions.
Oracle manipulation via low-liquidity AMM pools. Learn how to crash the price of a token on Uniswap V1 to borrow an entire lending pool’s liquidity for pennies.
A vulnerable Merkle reward distributor that fails to bind claims to the intended recipient, allowing attackers to steal every unclaimed reward.
