Exploiting classic reentrancy vulnerabilities. Learn how state modification sequence and unchecked external calls can lead to total contract draining.
Exploiting fixed fees and identity spoofing. Learn how to drain a user’s balance through forced flash loans and hijack admin privileges via meta-transactions.
Exploring the flaws in flash loan accounting. Learn how to use a contract’s own flash loan to "deposit" into your own account and then walk out with the entire pool.
Exploiting msg.value reuse in batch processing. Learn how to combine Uniswap V2 flash swaps with a faulty NFT marketplace loop to drain an entire collection for the price of one.
Governance hijacking via flash loans. Learn how a lack of snapshotting allows an attacker to borrow a majority of voting power and pass malicious proposals.
