Web3Exploit
Home
Case Research
Learn
Tools
Audit Tools
Token checks & AI-assisted audits
Basic Tools
Generators, decompilers, converters
One-click Token Safety Check
AI Smart Contract Audit
Search
Search
Find notes
Search
Search across case research, Learn explainers, checklist items, glossary terms, and tools.
Search site content
Showing
48
item(s)
DeFi Exploits
EIP-7702 Flashloan-Protection Bypass Case Research: When tx.origin == msg.sender Stopped Meaning EOA
2025-08-24
A source-level and on-chain reconstruction of one of the first EIP-7702 exploits: a delegated EOA that defeats the classic flashloan guard, manipulates a PancakeSwap spot price, and inflates a staking position on BSC.
EIP-7702
Flashloan
Oracle Manipulation
BSC
Pectra
2025
DeFi Exploits
GMX V1 $42M Case Research: Reentrancy and the Split-Brain Short Accounting That Forged a GLP Price
2025-07-09
A source-level and on-chain reconstruction of the GMX V1 GLP exploit: the keeper-mediated reentrancy door, the desynced global-short accounting between Vault and ShortsTracker, and the transaction that minted GLP cheap and redeemed it inflated.
GMX
Reentrancy
GLP
Arbitrum
AUM Manipulation
2025
DeFi Exploits
Cork $12M Case Research: HIYA Price Skew Meets an Unauthenticated Uniswap v4 Hook
2025-05-28
A source-level reconstruction of the Cork Protocol exploit: near-expiry HIYA manipulation, unauthenticated CorkHook.beforeSwap calls, fake market setup, and derivative redemption into wstETH.
Cork
Uniswap v4
Hook
Access Control
Oracle Manipulation
wstETH
2025
DeFi Exploits
Cetus $223M Case Research: The CLMM Shift Check That Minted Liquidity for One Unit
2025-05-22
A source-level reconstruction of the Cetus Sui CLMM exploit: a flawed u256 left-shift overflow check, undercharged add-liquidity math, and the remove-liquidity path that pulled real reserves out.
Cetus
Sui
Move
CLMM
Fixed-Point Math
Flashloan
2025
Operational Security
ZKsync $5M Case Research: Airdrop Admin Compromise and the sweepUnclaimed Mint
2025-04-15
A reconstruction of the ZKsync airdrop incident: a compromised admin account, sweepUnclaimed-driven minting of 111M ZK, exchange liquidation pressure, and negotiated fund recovery.
ZKsync
Airdrop
Private Key Compromise
Access Control
Mint
ZK
2025
DeFi Exploits
KiloEx $7.5M Case Research: A Trusted Forwarder That Let Anyone Become the Price Keeper
2025-04-14
A source-level reconstruction of the KiloEx multi-chain exploit: a MinimalForwarder trust-boundary failure, forged keeper calls, direct setPrices control, and leveraged oracle profit extraction.
KiloEx
Oracle Manipulation
Access Control
Forwarder
Perps
Base
BNB Chain
2025
Operational Security
UPCX $70M Case Research: When a ProxyAdmin Key Became the Protocol
2025-04-01
A source-level and control-plane reconstruction of the UPCX exploit: a compromised privileged key, malicious ProxyAdmin upgrade, withdrawByAdmin execution, and treasury-scale token drain.
UPCX
Private Key Compromise
ProxyAdmin
Access Control
Upgradeable Proxy
Ethereum
2025
Exchange Incidents
Bybit $1.46B Case Research: Tracing the Safe{Wallet} delegatecall Takeover
2025-02-22
A source-level and on-chain reconstruction of the Bybit cold-wallet heist: the tampered Safe{Wallet} JavaScript, the delegatecall storage overwrite, and the full transaction trail.
Bybit
Safe{Wallet}
delegatecall
Lazarus
Supply Chain
2025
Attack Pattern
Reentrancy
An external call hands control to an attacker before state is finalized, letting them re-enter and act on stale storage.
Learn
Attack Pattern
Attack Pattern
Oracle Manipulation
A protocol prices assets off a manipulable source (spot AMM reserves or desynced internal state), letting an attacker forge a favorable price.
Learn
Attack Pattern
Attack Pattern
Flash Loan Attack
Uncollateralized, single-transaction capital amplifies another bug — usually oracle manipulation or governance — to profitable scale.
Learn
Attack Pattern
Attack Pattern
Access Control
A privileged action is reachable by the wrong caller because a check is missing, wrong, or built on a broken assumption.
Learn
Attack Pattern
Attack Pattern
Signature Verification
What is signed or verified diverges from what actually executes — via delegatecall storage overwrite, malleability, or blind signing.
Learn
Attack Pattern
Attack Pattern
Bridge Exploits
Cross-chain bridges concentrate value and trust; a flawed message-verification or signer set lets an attacker forge withdrawals.
Learn
Attack Pattern
Attack Pattern
Private Key Compromise
Keys or signing devices are stolen or tricked into signing, so on-chain actions are fully valid yet unauthorized.
Learn
Attack Pattern
Glossary
Access Control
Who is allowed to invoke a privileged action.
Learn
Glossary
Glossary
AUM (Assets Under Management)
The net worth a pool uses to price its LP token.
Learn
Glossary
Glossary
Checks-Effects-Interactions
Validate, update state, then call out — in that order.
Learn
Glossary
Glossary
delegatecall
Run another contract's code in your own storage context.
Learn
Glossary
Glossary
EOA (Externally Owned Account)
An account controlled by a private key, not contract code.
Learn
Glossary
Glossary
Fixed-Point Math
Integer arithmetic scaled to represent fractional values.
Learn
Glossary
Glossary
Flash Loan
Uncollateralized borrowing repaid in the same transaction.
Learn
Glossary
Glossary
Oracle Manipulation
Forcing a protocol to read a false price.
Learn
Glossary
Glossary
ProxyAdmin
The privileged controller for upgradeable proxy implementations.
Learn
Glossary
Glossary
Reentrancy
Re-entering a function before its state is finalized.
Learn
Glossary
Glossary
Reentrancy Guard
A lock that blocks nested entry into protected functions.
Learn
Glossary
Glossary
Trusted Forwarder
A meta-transaction relay that appends or proves the original sender.
Learn
Glossary
Glossary
tx.origin
The original EOA that started the transaction.
Learn
Glossary
Checklist
W3X-REENT-01: State is finalized before any external call (checks-effects-interactions).
Every balance/accounting write happens before ETH transfers, token hooks, or callbacks.
Learn
Checklist
Reentrancy & External Calls
Checklist
W3X-REENT-02: Functions with external calls carry a reentrancy guard.
Apply a nonReentrant guard where control can leave the contract.
Learn
Checklist
Reentrancy & External Calls
Checklist
W3X-REENT-03: No split-brain accounting across contracts.
Values that must move together are updated on every path; one contract never reads a variable that another updates separately.
Learn
Checklist
Reentrancy & External Calls
Checklist
W3X-ORACLE-01: Prices are not read from raw spot AMM reserves.
Use TWAPs or vetted signed feeds that cannot move within one transaction.
Learn
Checklist
Oracles & Pricing
Checklist
W3X-ORACLE-02: Oracle staleness and sanity bounds are enforced.
Reject stale rounds and values outside a plausible band.
Learn
Checklist
Oracles & Pricing
Checklist
W3X-FLASH-01: No reliance on tx.origin == msg.sender as an EOA guard.
EIP-7702 lets an EOA run code; this guard no longer implies 'not a contract'.
Learn
Checklist
Flash Loans & Atomicity
Checklist
W3X-FLASH-02: Invariants hold under flash-loan-scale, single-block moves.
Per-block change limits and manipulation-resistant inputs bound the blast radius.
Learn
Checklist
Flash Loans & Atomicity
Checklist
W3X-ACCESS-01: Every privileged function has an explicit, tested authorization check.
Minting, upgrading, withdrawing, and config changes are gated by role/owner checks.
Learn
Checklist
Access Control
Checklist
W3X-ACCESS-02: Initializers are protected against re-initialization.
Guard against re-init and initializer front-running in upgradeable contracts.
Learn
Checklist
Access Control
Checklist
W3X-SIGN-01: Signers can decode and verify calldata before approving.
No blind signing; the presented payload matches on-chain execution.
Learn
Checklist
Signing & Verification
Checklist
W3X-SIGN-02: delegatecall targets are restricted or forbidden in multisig flows.
Prevent foreign code from rewriting the caller's storage context.
Learn
Checklist
Signing & Verification
Checklist
W3X-SIGN-03: Replay protection and non-malleable signatures are enforced.
Bind to nonce and chainId; reject malleable signature forms.
Learn
Checklist
Signing & Verification
Checklist
W3X-KEY-01: High-value funds use multisig or MPC, not a single hot key.
Independent, hardware-isolated signers with least privilege.
Learn
Checklist
Key Management & Operations
Checklist
W3X-KEY-02: Signing frontend supply chain is protected.
Integrity checks and dependency pinning for the signer UI and its assets.
Learn
Checklist
Key Management & Operations
Tool
Hex ↔ UTF-8
Convert between hex and UTF-8 text (handy for calldata / bytes debugging).
Tool
basic
available
Tool
Mnemonic Converter
Convert between mnemonics and keys (BIP39, etc.). Generate seeds and addresses.
Tool
basic
available
Planned Tool
One-click Token Safety Check
Quick, high-level token risk checklist for honeypot signals, controls, taxes, and liquidity posture.
Tool
audit
planned
Planned Tool
AI Smart Contract Audit
AI-assisted contract review workflow for call graphs, risk surfaces, and findings drafts.
Tool
audit
planned
Tool
Address Generator
Generate random or deterministic Ethereum addresses and keypairs for local testing.
Tool
basic
available
Planned Tool
ABI Decompiler
Reconstruct a best-effort ABI from bytecode and selectors.
Tool
basic
planned