Exploring the flaws in flash loan accounting. Learn how to use a contract’s own flash loan to "deposit" into your own account and then walk out with the entire pool.
Arbitrary external calls leading to full permission leaks. Learn how a single flash loan call can trick a contract into approving away its entire treasury.
Understanding the critical security distinction between tx.origin and msg.sender. Learn how tx.origin authentication can be bypassed using simple contract proxying.
Exploiting weak on-chain randomness using a smart contract. Learn how transaction execution order and historical block data make deterministic randomness highly exploitable.
