Personal Web3 CTF notes covering exploit patterns, vulnerability classes, and lessons from practice challenges.
This repository is a learning record for Web3 security practice. The notes focus on understanding why a challenge is vulnerable, how to reproduce the exploit path, and what security lesson should be carried into real audits.
- These notes are for Web3 security learning and exploit-pattern practice.
- They are not real-world vulnerability disclosures.
- Some early notes are intentionally lightweight and may be revised as my audit methodology improves.
- The `solutions/the-ethernaut` directory contains Remix-written Solidity contracts used while solving Ethernaut levels. These are kept as historical solution artifacts, not as a polished Foundry test suite.
| Challenge | Topic | Notes |
|---|---|---|
| 00. Hello Ethernaut | Contract interaction basics | Notes |
| 01. Fallback | Ownership transfer through fallback logic | Notes |
| 02. Fallout | Constructor naming mistake | Notes |
| 03. Coin Flip | Predictable randomness | Notes |
| 04. Telephone | `tx.origin` misuse | Notes |
| 05. Token | Integer underflow in old Solidity versions | Notes |
| 06. Delegation | `delegatecall` and storage context | Notes |
```text
src/
  the-ethernaut/        Ethernaut challenge notes
solutions/
  the-ethernaut/        Remix-written Ethernaut solution contracts
markdown-template.md    Template for future notes
```
- Solidity basics and contract interaction
- Fallback functions and low-level calls
- Constructor and initialization mistakes
- Weak randomness
- `tx.origin` authorization bugs
- Integer overflow and underflow
- `delegatecall` storage-context risks