Back to skills
extension
Category: Development & EngineeringNo API key required

blockchain-black-team

Execute real-world blockchain attack scenarios against smart contracts and off-chain infrastructure. Use when performing security audits, penetration testing, or attack simulation on Solana (Anchor), Ethereum (Solidity), or any programmable blockchain protocol. Triggers on requests for security review, attack simulation, black team, red team, penetration test, exploit analysis, or vulnerability assessment of DeFi/blockchain code.

personAuthor: jakexiaohubgithub

Blockchain Black Team — Real-World Attack Simulation

When to Use This vs Others

  • Use this (Black Team) when you want historically proven attack vectors mapped to real incidents and immediate exploitability checks.
  • Use blockchain-red-team for novel/zero-day style techniques and bypass research beyond known patterns.
  • Use blockchain-purple-team for meta-level coverage gaps, audit failure causes, and architecture/ops blind spots.

Execute battle-tested attack vectors from 70+ historical blockchain incidents ($10B+ total losses) against target protocol code.

When to Use

  • Security audit of smart contracts (Solana Anchor, Solidity, CosmWasm)
  • Attack simulation / penetration testing of DeFi protocols
  • Pre-mainnet security hardening
  • Hackathon security review
  • Post-incident analysis using real-world patterns

Quick Start

  1. Read the target codebase (on-chain + off-chain)
  2. Load references/attack-matrix.md for the 44+ vector framework
  3. For each vector: map historical pattern → target code → attack scenario → severity
  4. Output structured report with PoC sketches for CRITICAL/HIGH findings

Attack Matrix (62+ Vectors, continuously extended)

The full matrix with historical references, code-level mechanisms, and defense patterns is in references/attack-matrix.md. Summary:

A. Smart Contract (core 13 + extended A32/A33/A34/A35/A36/A38)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 1 | Reentrancy | The DAO ($60M), Curve/Vyper ($70M) | HIGH-CRITICAL | | 2 | Flash Loan | Mango ($114M), Euler ($197M) | CRITICAL | | 3 | Oracle Manipulation | Mango, BonqDAO ($120M) | CRITICAL | | 4 | Access Control | Ronin ($624M), Wormhole ($320M) | CRITICAL | | 5 | Integer Overflow/Underflow | Compound ($147M) | HIGH | | 6 | Account Substitution (Solana) | Cashio ($52M) | HIGH | | 7 | Signature Replay | Wintermute ($160M) | HIGH | | 8 | Front-running/Sandwich | MEV ecosystem | MEDIUM | | 9 | Proxy Upgrade Attack | Nomad ($190M) | HIGH | | 10 | Logic Bug | Compound ($147M), Cream ($130M) | HIGH | | 11 | Rent/Lamport Drain (Solana) | Multiple | LOW-MEDIUM | | 12 | CPI Confusion (Solana) | Crema ($8.8M) | HIGH | | 13 | PDA Seed Collision (Solana) | Multiple | MEDIUM |

B. Off-chain/Keeper (core 7 + extended B29/B35/B36/B37/B38)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 14 | RPC Manipulation | Multiple | HIGH | | 15 | Key Compromise | Ronin ($624M), Harmony ($100M), IoTeX ioTube ($4.4M) | CRITICAL | | 16 | Race Condition | Multiple keeper exploits | MEDIUM | | 17 | Checkpoint Poisoning | Novel | HIGH | | 18 | Config Injection | Multiple | HIGH | | 19 | Memory/Log Leak | Slope wallet drain | MEDIUM | | 20 | Denial of Service | Solana network halts | MEDIUM | | 29 | AI Agent Prompt-Injection Confused-Deputy | Trail of Bits Comet audit (2026) | HIGH | | 37 | AI Agent Steganographic Oversight Evasion | arXiv 2602.23163 (2026-02-26) | HIGH | | 38 | Multi-turn Tool-Return Boundary Takeover (IPI) | arXiv 2602.22724 + 2602.22302 (2026-02-25/26) | HIGH |

C. Economic (6 vectors)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 21 | Bank Run / Depeg | UST/LUNA ($40B), USDC SVB | CRITICAL | | 22 | Collateral Manipulation | stETH depeg, Tether FUD | CRITICAL | | 23 | Governance Attack | Beanstalk ($182M) | HIGH | | 24 | Sybil Attack | Multiple | MEDIUM | | 25 | MEV Extraction | MEV ecosystem | MEDIUM | | 30 | Liquidity-Exhaustion Griefing | Intent bridge study (2026) | MEDIUM |

D. Infrastructure (core 4 + extended D32/D33/D34)

| # | Vector | Historical Example | Typical Severity | |---|---|---|---| | 26 | Frontend XSS/Injection | BadgerDAO ($120M) | HIGH | | 27 | RPC Endpoint Takeover | Multiple | HIGH | | 28 | Supply Chain | event-stream, ua-parser-js | HIGH | | 31 | Protocol-Metadata Confusion (IDL/Schema Trust) | Anchor IDL external-account patch (2026) | HIGH |

Daily Evolution Log (Recent)

| Date (KST) | Incident | Vector Mapping | Delta Applied | |---|---|---|---| | 2026-03-15 | Aave wstETH CAPO oracle misconfiguration (2026-03-10, $27.78M): Chaos Labs Edge Risk engine computed snapshotRatio 2.85% below market → AgentHub auto-executed 1 block later with no human gate → 34 healthy E-Mode positions liquidated. No attacker. First confirmed large-scale loss from fully automated risk parameter pipeline. | A62 NEW | 1 NEW VECTOR (A62). Total matrix: 62 named vectors. Microstable: A62 ✅ DEFENDED (2-of-3 keeper quorum + manual oracle mode time-box; no automated rate-cap executor exists). Full sweep below — 0 new CRITICAL/HIGH. Carry-forwards: B45 HIGH (audit-attestation.json unattested delta persists), A43 MEDIUM, B44 MEDIUM. | | 2026-03-13 | DBXen ERC-2771 sender mismatch exploit (2026-03-12, $150K): burnBatch() used _msgSender() but onTokenBurned() callback used msg.sender → forwarder addr credited; permissionless forwarder + fresh-address fee backdating bug amplified. bonk.fun domain hijack (2026-03-12): team account compromised → DNS takeover → wallet-drainer JS injected on canonical domain. D26 escalation note: server-level CSP header required (meta-tag alone cannot block server-injected scripts). | A61 NEW + D26 reinforced | 1 NEW VECTOR (A61). Total matrix: 61 named vectors. Microstable: A61 NOT APPLICABLE (Solana, no ERC-2771). D26: Microstable dashboard has CSP meta tag ✅ — but no server-level HTTP CSP header (static file serving). LOW carry-forward. Full sweep: no new CRITICAL/HIGH findings today. Carry-forwards: B45 HIGH (audit-attestation.json unattested 3,281-line delta persists), A43 MEDIUM, B44 MEDIUM. | | 2026-03-12 | Source sweep: no new incidents in 24h window (last: Gondi NFT $230K 2026-03-10, A4 reinforcement); SlowMist/rekt.news/Halborn/Brave confirmed — 0 new DeFi exploits March 11-12. Full 79-vector Microstable sweep: B45 HIGH still open (audit-attestation.json absent; 3,281-line unattested delta persists), A43 MEDIUM open (no cumulative drift accumulator in rebalance()), B44 MEDIUM open (no delegate.is_none() check in mint()). D26 LOW-NEW: vendor/solana-web3-1.95.3.iife.min.js loaded without SRI integrity attribute — self-hosted so low severity, but should be hash-verified for tamper detection parity. | 0 NEW | Matrix holds at 79 vectors. No new pattern from March 11–12 sweep. Open carry-forwards: B45 HIGH (priority), A43 MEDIUM, B44 MEDIUM, D26/D33 LOW. Gondi (2026-03-10) confirmed A4 dual-authorization pattern: function-level auth ≠ asset-level ownership — bundler-pattern applies equally to any batch/multicall abstraction over user-owned assets. | | 2026-03-09 | OtterSec "Unfaithful Claims: Breaking 6 zkVMs" (2026-03-03) — Jolt/Nexus/Cairo-M/Ceno/Expander/Binius64 all vulnerable to Fiat-Shamir public-claim unbound variable bypass | A50 (NEW) | Added zkVM Fiat-Shamir Public-Claim Unbound Variable Bypass; distinct from A49 (gamma=delta setup constants) — A50 correct constants but wrong transcript binding order pre-challenge squeeze; proof forgery enables arbitrary false statement claiming; Microstable ✅ not applicable (no zkVM); future integration gate: transcript binding-order audit + forged-claim CI test required | | 2026-03-08 | CrossCurve bridge ReceiverAxelar.expressExecute() missing gateway validation (2026-02-02, $3M multi-chain) | A48 (NEW) | Added Unguarded Cross-Chain Receiver Function vector; distinct from A32 (IBC content forgery) — attacker bypasses relay entirely by directly calling receiver; Microstable ✅ not applicable (no bridge receiver); onlyGateway modifier pattern documented | | 2026-03-07 | Solv Protocol BRO vault ERC721 callback double-mint exploit (2026-03-06, $2.7M / 38 SolvBTC drained via 22-iteration dual-execution) | A46 (NEW) | Added ERC721 Callback Reentrancy / Dual-Execution Mint vector; distinct from A1 (not loop re-entry); reinforced NFT-callback CEI discipline; Microstable ✅ not applicable (SPL Token classic, no callbacks) | | 2026-03-05 | Localhost WebSocket takeover hardening signal (OpenClaw v2026.2.25 + Oasis disclosure) | B48 | Added localhost trust-boundary collapse vector for agent-controlled keeper ops; reinforced browser-origin gateway threat modeling, no-loopback-exception controls, and pairing/origin hardening requirements | | 2026-03-02 | Holdstation DeFAI Smart Wallet (2026-02-25, $462K) | B15 (tentative) | Added to incidents timeline; mechanism pending (MFA bypass / session theft in AI-integrated wallet). DeFAI surface note added: AI intent layer + signing authority co-location amplifies B15/B29 exposure | | 2026-03-02 | February 2026 monthly loss total (~$37.7M, lowest since Mar 2025) | Meta | Contextual stat: phishing = $8.5M of total (22%). Key-compromise-class still dominant vector | | 2026-03-01 | AgentSentry + Agent Behavioral Contracts (arXiv 2602.22724 / 2602.22302) | B38 | Added multi-turn tool-return boundary takeover vector and runtime contract-based mitigation notes | | 2026-03-01 | Immunefi bug-bounty telemetry lag signal (2-week disclosure delay) | A34, B15 | Added signal-latency-blindness note: public bounty metrics lag should not drive real-time incident prioritization | | 2026-03-01 | FOOMCASH zkSNARK verifier drift exploit (~$2.26M) | A38 | Added new ZK verifier-key misbinding vector with code-level key-hash/circuit-version defenses | | 2026-03-01 | Trail of Bits Comet prompt-injection audit techniques | B29 | Reinforced confused-deputy vector with fake system/user delimiters + fake validator/CAPTCHA multi-step exfil patterns | | 2026-02-28 | YieldBlox Blend V2 collateral chain exploit ($10.97M) | A3, A36 | Elevated "thin-liquidity collateral + raw-latest oracle adapter + lending health-factor" as a compositional failure chain (not single oracle bug) | | 2026-02-28 | AI oversight-evasion research signal (arXiv 2602.23163) | B37 | Added covert-channel/steganographic agent bypass pattern (post-prompt-injection hardening bypass class) | | 2026-02-28 | Stake Nova redeem-path exploit ($2.39M) | A2, A10 | Reinforced flash-loan-amplified redeem validation failures (RedeemNovaSol) and added Solana-specific redeem-path hardening pattern | | 2026-02-26 | IoTeX ioTube validator key compromise ($4.4M) | B15 | Added new key-compromise case + keeper key hygiene emphasis | | 2026-02-25 | Moonwell oracle incident ($1.78M bad debt) | A3, A10, B18 | Added oracle unit-normalization misuse pattern, governance timelock recovery-gap note, and feed-composition sanity defenses |

Defense Failure Patterns (Meta, Purple-Team Informed)

Black Team 점검 시, "취약점 존재"만 보지 말고 방어가 왜 실패하는지를 같이 기록한다.

  1. Control Fragmentation: 감사/바운티/모니터링/IR가 분리돼 신호가 연결되지 않음.
  2. Rollback Latency: 문제 인지 후 안전한 롤백까지의 의사결정·권한 체인 지연.
  3. Assumption Drift: 배포 당시 안전하던 임계치/가정이 시장·인프라 변화로 무효화.
  4. Confused-Deputy Ops: AI/자동화 도구가 비신뢰 입력을 권한 있는 행동으로 변환.
  5. Capacity Griefing: 단일 대형 공격보다 지속 저강도 압박으로 운영 여유를 소진.
  6. Market-Quality Blindness: 가격 정확성만 보고 시장 깊이/분산도/거래활동 품질을 신뢰 경계에 포함하지 않음.
  7. Telemetry-Truth Drift: 대응 단계에서 공지 지표(순손실/동결액)와 온체인 사실이 분리되어 의사결정·포렌식이 오염됨.
  8. Signal-Latency Blindness: 공개 바운티/리포트 통계의 지연(예: 2주 지연 반영)을 실시간 위협 지표로 오용해, 이미 진행 중인 변형 공격 대응 우선순위를 놓침.
  9. Localhost-Trust Mirage: 운영 환경에서 localhost를 무조건 신뢰해 rate-limit/origin/pairing 예외를 두면, 브라우저-origin 로컬 WebSocket 경로로 인증 경계가 붕괴될 수 있음. 온체인 감사만으로는 탐지되지 않는 운영 계층 실패.

리포트의 각 HIGH/CRITICAL 항목에 아래를 추가:

  • Why defense failed (설계/운영/조직 중 어디가 끊겼는지)
  • Recovery path (탐지→차단→복구까지 실제 실행 경로)

Execution Methodology

For each of the 44+ vectors:

  1. Historical Reference — Which real incident used this vector, what was the mechanism
  2. Code Mapping — Identify exact file:line in target code where vector applies
  3. Attack Scenario — Step-by-step attack procedure (numbered steps)
  4. Current Defense — Evaluate: Defended / Partially Defended / Undefended
  5. Severity — CRITICAL / HIGH / MEDIUM / LOW / INFO
  6. PoC Sketch — For CRITICAL/HIGH: pseudocode or concrete attack commands
  7. Remediation — Code-level fix recommendation

Chain-Specific Considerations

Solana (Anchor)

  • Account model: owner checks, PDA derivation, account data validation
  • CPI: cross-program invocation target verification, signer propagation
  • Rent: minimum balance, account close lamport drain
  • Discriminator: Anchor 8-byte discriminator collision risk
  • Clock/Slot: slot-based timing vs real-time assumptions

Read references/solana-specific.md for Solana-specific attack patterns.

Ethereum (Solidity)

  • Storage layout: delegatecall + storage collision
  • Reentrancy: external calls before state updates
  • ERC-20 approval: infinite approval + permit signatures
  • Proxy patterns: UUPS/Transparent upgrade risks
  • ERC-2771 meta-transaction: mixed msg.sender/_msgSender() + permissionless forwarder (A61)

Read references/ethereum-specific.md for EVM-specific attack patterns.

Report Format

Output as structured markdown:

# Black Team Report — {Protocol Name}

## 0) Summary Dashboard
- Total vectors evaluated: 44
- CRITICAL: X | HIGH: X | MEDIUM: X | LOW: X
- Undefended (immediately exploitable): X

## Top 5 Most Dangerous Scenarios
1. ...

## {N}) {Vector Name}
- **Historical Reference**: {incident, amount, mechanism}
- **Code Mapping**: {file:line}
- **Attack Scenario**: {numbered steps}
- **Current Defense**: {Defended/Partial/Undefended}
- **Severity**: {level}
- **PoC**: {code/commands for CRITICAL/HIGH}
- **Remediation**: {specific code fix}

Cycling Protocol

Black Team is designed to run in loops with Blue Team:

Black R1 → Blue fix → Black R2 → Blue fix → ... → ZERO CRITICAL/HIGH

On repeat runs (R2+):

  • Re-evaluate ALL 44 vectors against updated code
  • Verify previous fixes actually work (bypass attempts)
  • Check for regression (new vulnerabilities from fixes)
  • Only report NEW or UNFIXED findings
  • Target: ZERO CRITICAL + ZERO HIGH to exit loop