Welcome to Oak Security's CosmWasm Security Dojo 🏯, where all apprentices studying CosmWasm smart contracts are welcome 🌀. This Dojo teaches common security vulnerabilities in CosmWasm smart contracts.
The challenges that we will be publishing here target a beginner audience and could be categorized between easy and medium difficulty. It is the perfect place to start honing your security skills if you are looking to develop secure CosmWasm smart contracts or, if you are into security but new to this awesome tech, to spot common pitfalls on CosmWasm smart contracts.
To successfully face the challenges you should get familiar with Rust and CosmWasm smart contracts first. There are plenty of resources out there, but the below is a good starting point:
For now please consider this repo as a work in progress 🚧, as we will be adding new challenges over the next weeks.
Each challenge includes a working proof of concept (PoC) along with other functional tests. You can find the PoC it under tests/exploit.rs
, but we encourage you to try to craft the exploit yourself first. The experience gained from trying to find the bug and crafting the PoC on your own will make a big difference in your learning journey.
The current set of challenges is listed below:
To stay up to date, star and watch this repository, and follow us on Twitter.
Contributions are welcome, please open a PR if you find typos or create an issue/PR with other ideas for challenges. Thanks!