Web3 Hunting

Audit Methodology

1. Understand the Protocol

• Read docs, whitepaper, README
• Identify invariants (what MUST always be true)
• Map token flows: deposits → internal accounting → withdrawals
• Identify privileged roles: owner, admin, governance, keeper

2. Map Attack Surface

• Entry points: all public/external functions
• Privileged functions: onlyOwner, onlyRole, custom modifiers
• External calls: calls to other contracts, oracles, bridges
• Token handling: transfer, transferFrom, approve, fee-on-transfer tokens
• State changes: what storage variables get modified and when

3. Static Analysis

slither . --print human-summary
slither . --detect all
slither . --print contract-summary

4. Manual Review by Bug Class (see below)

5. Write PoC (see Foundry template below)

6. Log Finding

Write to output/<target>/findings/web3_<vuln_name>.md

Bug Classes

1. Accounting Desynchronization

What: Internal accounting (state variables) drifts from actual token balances.

Detection:

• Compare balanceOf(address(this)) with internal tracking variables
• Look for fee-on-transfer tokens breaking assumptions
• Look for rebasing tokens (stETH, AMPL) where balance changes without transfers
• Check: does deposit(amount) assume amount tokens actually arrived?

Grep patterns:

balanceOf
_totalSupply
_balances\[
shares\[

Example: Protocol assumes transferFrom(user, address(this), amount) delivers exactly amount, but token has 1% fee. Internal accounting credits amount but only amount * 0.99 arrived.

2. Access Control Failures

What: Missing or incorrect authorization checks on sensitive functions.

Detection:

• Functions without onlyOwner/onlyRole/custom modifier that modify critical state
• initialize() callable by anyone (unprotected initializer in proxy)
• tx.origin used instead of msg.sender for auth
• Missing zero-address checks on admin transfers

Grep patterns:

function.*external(?!.*only)
function.*public(?!.*only)
initialize
tx\.origin

3. Incomplete Code Paths

What: Missing branches, unchecked returns, silent failures.

Detection:

• Missing else in if/else chains that should cover all cases
• Unchecked return values from transfer(), call(), send()
• try/catch that silently swallows errors
• Missing revert on critical failure paths

Grep patterns:

\.call\{
\.send\(
\.transfer\(
try.*catch

4. Off-By-One Errors

What: Boundary errors in loops, indexing, and comparisons.

Detection:

• < vs <= in loops and time checks
• Array length vs index (0-based)
• block.timestamp comparisons at exact boundaries
• Rounding errors in integer division

Grep patterns:

for.*\.length
block\.timestamp
<= |>=
/ [0-9]

5. Oracle Manipulation

What: Price oracles that can be manipulated within a single transaction.

Detection:

• Spot price from AMM pool used directly (getReserves())
• Missing TWAP (time-weighted average price)
• Chainlink oracle without staleness check (updatedAt)
• Single oracle source with no fallback

Grep patterns:

getReserves
latestRoundData
price
oracle
twap

Red flag: Any function that reads a price and makes a financial decision in the same transaction.

6. ERC4626 Vulnerabilities

What: Vault share calculation issues, especially for first depositor.

Detection:

• Inflation attack: first depositor sends tokens directly to vault (not via deposit) to inflate share price, making subsequent depositors lose funds due to rounding
• Rounding direction: deposit should round down shares (favor vault), withdraw should round up shares (favor vault)
• Empty vault edge case: division by zero when totalSupply == 0

Grep patterns:

totalAssets
convertToShares
convertToAssets
previewDeposit
previewMint

7. Reentrancy

What: External call allows attacker to re-enter the contract before state is updated.

Detection:

• External calls (.call, .transfer, .send) before state updates (violates CEI pattern)
• Cross-function reentrancy: function A calls external contract, which calls function B on the same contract
• Cross-contract reentrancy: contract A calls contract B, which calls back into contract A
• Read-only reentrancy: view functions return stale state during reentrancy

Grep patterns:

\.call\{value
\.call\(
\.transfer\(
\.send\(
nonReentrant

Check: Is there a nonReentrant modifier? If yes, is it on ALL external-facing functions?

8. Flash Loan Attacks

What: Using flash loans to manipulate state within a single transaction.

Detection:

• Functions that rely on spot prices or current balances for calculations
• Governance votes that can be influenced by borrowed tokens
• Collateral calculations based on manipulable prices
• Any check that can be satisfied temporarily with borrowed funds

Grep patterns:

flashLoan
flashMint
balanceOf.*msg\.sender
getReserves

9. Signature Replay

What: Signed messages that can be reused.

Detection:

• Missing nonce in signed data
• No chain ID check (cross-chain replay)
• ecrecover returning address(0) not checked
• EIP-712 implementation errors
• Permit signatures without deadline

Grep patterns:

ecrecover
ECDSA
permit
signature
nonce
DOMAIN_SEPARATOR

10. Proxy Upgrade Patterns

What: Storage collision, uninitialized proxies, dangerous upgrades.

Detection:

• Storage slot collision between proxy and implementation
• selfdestruct in implementation contract
• delegatecall to untrusted address
• Missing _disableInitializers() in implementation constructor
• Function selector clashing between proxy and implementation

Grep patterns:

delegatecall
upgradeTo
implementation
initializer
selfdestruct
IMPLEMENTATION_SLOT

Foundry PoC Template

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";

interface ITarget {
    // Define target contract interface
}

contract ExploitTest is Test {
    ITarget target;
    address attacker = makeAddr("attacker");
    address victim = makeAddr("victim");

    function setUp() public {
        // Fork mainnet at specific block
        vm.createSelectFork("mainnet", 18_000_000);

        // Set up contract references
        target = ITarget(0x1234...);

        // Fund accounts
        deal(address(token), attacker, 1000e18);
        deal(address(token), victim, 1000e18);
    }

    function testExploit() public {
        // Record state before
        uint256 attackerBalBefore = token.balanceOf(attacker);

        vm.startPrank(attacker);
        // ... exploit steps ...
        vm.stopPrank();

        // Record state after
        uint256 attackerBalAfter = token.balanceOf(attacker);

        // Assert the impact
        assertGt(attackerBalAfter, attackerBalBefore, "Attacker should profit");
        console.log("Profit:", attackerBalAfter - attackerBalBefore);
    }
}

Run:

forge test --match-test testExploit -vvvv --fork-url https://eth-mainnet.g.alchemy.com/v2/<KEY>

Useful Foundry cheatcodes:

• vm.prank(address) — impersonate for next call
• vm.startPrank(address) — impersonate until vm.stopPrank()
• deal(token, who, amount) — set token balance
• vm.warp(timestamp) — set block.timestamp
• vm.roll(blockNumber) — set block.number
• vm.expectRevert() — expect next call to revert
• makeAddr("label") — create labeled address

Rules

• NEVER execute transactions on mainnet — fork testing only
• Always quantify impact in dollar terms (TVL at risk)
• Focus on funds-at-risk bugs — these pay the most on Immunefi
• Include Foundry PoC with every finding