0x0xrange
LearnLabsPracticeLeaderboardResearchPricing
0x000x200x400x600x800xA00xC00xE00xFF

▦ Labs

Pick a target. Break it. Read the fix.

Every lab is a faithful recreation of a real vulnerability class, running on a sandboxed testnet. You get a live objective, a live target, and the patched contract beside the flawed one.

7 available·0 in development

Smart-contract security Available

Open the treasury door

A treasury's emergency-withdraw function shipped without an owner check. Call it, walk off with everything, then add the guard that stops you.

CriticalBeginner
Open lab →
Smart-contract security Available

Drain the lending vault

Exploit a reentrancy flaw to drain an ETH lending vault, then read the checks-effects-interactions fix beside it.

CriticalIntermediate
Open lab →
Bridge security Available

The validator majority

Recreate a Ronin-style validator-key compromise: obtain majority signatures and authorise a fraudulent withdrawal from a bridge.

CriticalAdvanced Operator
Open lab →
Bridge security Available

The forged signature

A Wormhole-style signature-verification bypass: slip a fabricated guardian signature past a missing validation step to mint unbacked tokens.

CriticalExpert Operator
Open lab →
DeFi security Available

Bend the oracle

Use a flash loan to skew a spot-price oracle, then borrow against the inflated collateral. Learn TWAP and manipulation-resistant feeds.

CriticalAdvanced Operator
Open lab →
Smart-contract security Available

Unchecked delegatecall

Collide proxy storage slots through an unguarded delegatecall and seize ownership of an upgradeable contract.

CriticalAdvanced Operator
Open lab →
Wallet security Available

Replay the signature

Replay a signed permit that never bound a nonce or chain id, draining approvals across transactions and chains.

HighIntermediate
Open lab →
0x0xrange

Learn offence to build defence — ethically, in a sandbox.

Learn

Getting startedLearning pathsPractice rangeDeFi securityCTF challenges

Platform

LabsPracticeResearchLeaderboardPricing

More

AboutBlogCommunityTermsPrivacy
© 2026 0xrange — built in the UK.0xrange.com · sandboxed testnet only