Exploiting arithmetic underflows in Solidity versions before 0.8.0. Learn how unsigned integer wrapping can bypass balance checks to mint an astronomical supply of tokens.
Exploring the flaws in flash loan accounting. Learn how to use a contract’s own flash loan to "deposit" into your own account and then walk out with the entire pool.
Arbitrary external calls leading to full permission leaks. Learn how a single flash loan call can trick a contract into approving away its entire treasury.
Understanding the critical security distinction between tx.origin and msg.sender. Learn how tx.origin authentication can be bypassed using simple contract proxying.
