🗓️ Day 86 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v3 🕵️‍♂️ 📚 Key Learnings: ✅ Learned how ticks simplify liquidity provision by specifying tickLower and tickUpper ranges ✅ Learned how ticks can be converted to prices and vice versa using the standard formula ✅ Learned how TWAP values are fetched using the consult function from a pool contract ✅ Learned that when creating a pool via NonfungiblePositionManager, it expects the initial price in √price × 2^96 (Q64.96 fixed-point format) ✅ Understood the developer intent behind the challenge 💡 Notes: - Still figuring out whether TWAP can be manipulated when a protocol does not use it correctly - Most of these concepts are still at a high level for me; I have not yet gone deep into how they work internally

🗓️ Day 85 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v2 ☑️ 📚 Key Learnings: ✅ Learned how Uniswap V2 Router simplifies swaps by routing everything through factory and pair contracts ✅ Understood that Uniswap V2 can handle any ERC20 ↔ ERC20 token swaps through liquidity pairs ✅ Understood basic router flow and how trades are executed indirectly through liquidity pools ✅ Saw that Puppet v2 uses the same pricing weakness as Puppet v1, but now through Uniswap V2 liquidity 💡 Security Mindset: Don’t trust onchain DEX prices as a source of truth , they can be easily manipulated 🚨 💡 Reflection: Even decentralized prices can be unreliable when liquidity is low. Protocols must not assume AMM prices are always “fair” or accurate.

🗓️ Day 84 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v1 ☑️ yo i can’t even hold the urge for 3 days to grind 😭 been slacking on school work too so I’m swapping peak hours for school sessions and non-peak hours for coding 📚 Key Learnings: ✅ Understood the risk of using Uniswap v1 as a price oracle ✅ Learned how token swaps can manipulate AMM reserves and distort pricing ✅ Saw how lending logic can be broken when it depends on spot price from external liquidity pools 💡 Security Mindset: Never trust AMM spot price as a source of truth , liquidity can be manipulated to game collateral calculations 🚨 💡 Reflection: Small changes in liquidity can completely break financial assumptions in DeFi systems

🗓️ Day 83 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v1 🕵️‍♂️ I'm going to pause my grinding for a while since exams are approaching. Maybe after I round everything up, I’ll continue the grind again. Today was all about AMMs and DeFi. 📚 Key Learnings: ✅ Learnt about liquidity and how liquidity providers earn their share for contributing funds ✅ Understood the math behind x * y = k, why both sides must maintain equal value, and the problems AMMs solve ✅ Found out that Vyper is quite similar to Solidity, just more minimalistic ✅ Understood how TWAP is used in Uniswap V2 to reduce price manipulation risks 💡 Security Mindset: Price is not truth in DeFi, liquidity depth and oracle design determine how reliable that truth really is 🚨 💡 Reflection: Math quietly controls almost everything in DeFi, from pricing to incentives to security itself. The deeper I learn, the more it feels like the future will belong to people who truly understand systems and numbers

🗓️ Day 82 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Wallet Mining ☑️ 📚 Key Learnings: ✅ Observed how storage collisions between proxies and implementation contracts can introduce critical vulnerabilities ✅ Learned how to generate valid EIP-712 Safe transaction signatures as an owner 💡 Security Mindset: Never rely on undeployed contract addresses as a security boundary , deterministic deployment makes them predictable and exploitable 🚨 In security design, there is no such thing as a “one in a million chance” assumption; if an address can be derived from known parameters, it must be treated as already known. Any unexpected edge case can and will be abused. 💡 Reflection: Contract deployment paths may look irreversible on the surface, but deterministic deployment logic can still expose hidden ways to recover or predict addresses beneath it

🗓️ Day 81 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Compromised ☑️ 📚 Key Learnings: ✅ Learnt that encoding or formatting a private key is not security since reversible transformations can still expose it 💡 Security Mindset: Use hashes for integrity and irreversible transformations, not encodings that can be reconstructed 🚨 💡 Reflection: A secret is only secure when recovery is computationally impractical, not when it merely looks unreadable

🗓️ Day 80 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Withdrawal 🕵️‍♂️ 📚 Key Learnings: ✅ Completed the Withdrawal challenge ✅ Wasted a lot of time on this challenge due to misunderstanding some parts of the contract system 💡 Security Mindset: Even when trying to prevent malicious execution as a bridge operator, I still ended up abusing another flaw in the system. When using low-level .call in assembly, always verify the returned boolean value. Ignoring it can silently allow failed executions and create dangerous assumptions 🚨 💡 Reflection: A lot of bugs don’t come from complex code, but from misunderstanding how different parts of the system interact together. The deeper the system, the more dangerous assumptions become.

🗓️ Day 79 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Withdrawal 🕵️‍♂️ 📚 Key Learnings: ✅ Understood the developer intent and logic behind the challenge ✅ Refreshed understanding of how event works 📌 Next Step: Start forming testable assumptions and potential attack paths based on the system design

🗓️ Day 78 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: The Rewarder 🕵️‍♂️ 📚 Key Learnings: ✅ Completed the Rewarder challenge ✅ Learnt how Merkle proofs can be used for airdrops ✅ Found that the contract does not properly mark rewards claimed by users; This allows reuse of the same valid token/proof multiple times within the same batch logic gap 💡 Security Mindset: If a claim is not individually tracked as “used,” a valid proof can be replayed to drain rewards multiple times 💡 Reflection: The main issue was missing per-claim tracking. Even with correct Merkle verification, failing to mark each token claim as used breaks the entire reward integrity model.

🗓️ Day 77 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: The Rewarder 🕵️‍♂️ 📚 Key Learnings: ✅ Learned how devs use a single uint256 slot as bit flags instead of mapping(uint256 => bool). ✅ Understood the developer intent and logic behind the level. 🔍 Insight: I got inspired by Martin Ortner AKA tintinweb |@nicht_tintin | . Seeing how he works across different security areas made me realize something important: different domains connect and strengthen each other through an auditing mindset. That changed how I see auditing not just as a job, but as a real skillset built on pattern thinking and cross-domain logic. 🎯 Focus now: Go deep in Solidity first and build strong specialization before moving to other areas.

🗓️ Day 76 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Naive Receiver 🕵️‍♂️ 📚 Key Learnings: ✅ Completed the Naive Receiver challenge ✅ Learned how flashloan fee mechanics can be weaponized against permissionless borrower contracts 💡 Security Mindset: Never assume execution context is flat, nested calldata delegatecall can completely alter control flow and break security assumptions 🚨 💡 Reflection: What looks like a simple batching mechanism can hide complex execution paths, especially when combined with delegatecall. The real danger isn’t always obvious, it’s in how different components interact under the hood.

🗓️ Day 75 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Selfie 🕵️‍♂️ 📚 Key Learnings: ✅ Completed the Selfie challenge ✅Understood that voting power only exists after delegation, not just holding tokens ✅Learned how flashloans can be combined with delegation and snapshots to gain temporary governance power 💡 Security Mindset: Do not take a voting snapshot immediately after delegation, an attacker can flashloan tokens, delegate to themselves, and pass governance checks before returning the tokens 🚨 💡 Reflection: Voting power feels persistent, but in reality it can be temporarily manipulated within a single transaction to influence long-term decisions

🗓️ Day 74 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Unstoppable 🕵️‍♂️ 📚 Key Learnings: ✅ Completed Unstoppable challenge ✅ Saw how flashloan checks can be bypassed by inflating vault balance outside deposit() 💡 Security Mindset: Don’t assume all state changes go through intended functions , external token transfers can break invariants 🚨 💡 Reflection: Using totalSupply vs totalAssets as a safety check is fragile because users can send tokens directly to the vault via ERC20, bypassing ERC4626 logic and causing mismatches that break core functionality like flash loans