▦ Practice range
Sharpen the instinct. No Solidity required.
Bite-size puzzles and quizzes that train you to think like an attacker — spot the flaw, trace the exploit, call the risk. Every win banks XP toward your tier, the same ladder the labs feed.
0xPuzzles
15 puzzles · click, spot, and order your way in
Settle before you send
Order a withdrawal so a re-entrant caller can never be paid twice.
Spot the drain
One line hands control to the attacker too early. Find it.
Who can pull the lever?
A treasury ships a powerful function. Spot the one that ends careers.
The blank cheque
You just signed a token approval. What did you actually agree to?
Move the price, print the loan
Trace how a flash loan turns a spot price into free money.
Count the keys
A 2-of-3 multisig sounds safe. Is it?
The coupon with no expiry
A signed message that binds nothing can be used forever.
Predictable dice
An on-chain lottery picks a winner. The attacker always wins. Why?
Sort the safe from the sorry
Select every pattern that genuinely reduces risk.
The missing guard
This setter looks innocent. Find the line that should never be public.
The sandwich
A bot watches the mempool while your trade waits. What does it do?
Mistaken identity
Authorising with tx.origin opens a phishing door. See how.
The check that never fails
A pre-0.8 token guards a transfer — badly. Find the useless line.
Paid in full?
This payout marks success even when the money never arrives.
Read the red flags
Which contract powers should make a holder run?
Quizzes
4 themed sets · learn from every answer
Web3 Security 101
The vocabulary and instincts every auditor starts with.
Smart-Contract Pitfalls
The classic bug classes that keep draining protocols.
DeFi & Bridges
Where the biggest money — and the biggest hacks — live.
Wallet & User Safety
The everyday habits that keep your keys — and your funds — yours.