Common vulnerability patterns in Blockchain / Solidity - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
Reentrancy Attack Output
What is the output of this simplified Solidity-like pseudocode when a reentrancy attack occurs?
Blockchain / Solidity
contract Vulnerable {
    mapping(address => uint) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint amount) public {
        require(balances[msg.sender] >= amount);
        (bool success,) = msg.sender.call{value: amount}("");
        require(success);
        balances[msg.sender] -= amount;
    }
}

// Attacker calls withdraw repeatedly before balances[msg.sender] is updated.
A. The contract locks funds permanently due to a deadlock in withdraw.
B. The attacker drains all funds by repeatedly calling withdraw before balance updates.
C. The contract rejects the withdrawal due to insufficient balance immediately.
D. The contract throws a compile-time error due to missing return statement.
💡 Hint
Think about what happens if the external call happens before the balance is updated.
Predict Output
intermediate
Integer Overflow Result
What is the value of variable `total` after running this Solidity-like pseudocode?
Blockchain / Solidity
uint8 a = 250;
uint8 b = 10;
uint8 total = a + b; // uint8 max is 255
A. 4
B. 260
C. OverflowError at runtime
D. 250
💡 Hint
Remember uint8 can only hold values from 0 to 255 and wraps around on overflow.
🔧 Debug
advanced
Fix the Timestamp Dependency Bug
This smart contract uses block.timestamp to decide a winner. What is the main vulnerability here?
Blockchain / Solidity
contract Lottery {
    address public winner;

    function pickWinner() public {
        require(block.timestamp % 2 == 0, "Not even timestamp");
        winner = msg.sender;
    }
}
A. Function pickWinner is missing a return statement causing compile error.
B. The contract will always revert because block.timestamp is never even.
C. Miner can manipulate block.timestamp to influence winner selection.
D. There is no vulnerability; the code is safe.
💡 Hint
Think about who controls the block timestamp and how it affects randomness.
📝 Syntax
advanced
Identify the Syntax Error in Access Control
Which option contains the correct Solidity code to restrict a function to the contract owner?
A
modifier onlyOwner() {
    require(msg.sender == owner)
    _;
}
B
modifier onlyOwner() {
    if(msg.sender != owner) {
        revert();
    }
}
C
modifier onlyOwner() {
    require(msg.sender == owner);
    _;
}
D
modifier onlyOwner() {
    require(msg.sender == owner, "Not owner");
    _;
}
💡 Hint
Look for correct syntax including semicolons and the placeholder _; in modifiers.
🚀 Application
expert
Detecting Front-Running Vulnerability
Which of the following code snippets is vulnerable to front-running attacks in a blockchain environment?
A
function bid() public payable {
    require(msg.value > highestBid);
    highestBidder = msg.sender;
    highestBid = msg.value;
}
B
function bid() public payable {
    require(msg.value >= highestBid);
    highestBid = msg.value;
    highestBidder = msg.sender;
}
C
function bid() public payable {
    require(msg.value > highestBid);
    emit NewBid(msg.sender, msg.value);
    highestBid = msg.value;
    highestBidder = msg.sender;
}
D
function bid() public payable {
    require(msg.value > highestBid);
    highestBid = msg.value;
    highestBidder = msg.sender;
}
💡 Hint
Consider the order of state changes and how miners or attackers can exploit it.