Blockchain Red Team — Novel Attack Technique Research & Exploitation
When to Use This vs Others
- Use this (Red Team) when you need new exploit ideas, patch bypass attempts, or forward-looking offensive research.
- Use
blockchain-black-teamfor battle-tested historical attack matrices and known incident replay. - Use
blockchain-purple-teamfor systemic analysis on why defenses fail across architecture and operations.
Develop and execute attack techniques that haven't been seen in the wild yet. While the Black Team maps historical incidents, the Red Team invents the next generation of attacks.
When to Use
- Post-patch bypass testing (find new routes around Blue Team fixes)
- Zero-day research on smart contract patterns
- Novel economic attack modeling
- Defense evasion technique development
- Advanced MEV/sandwich/frontrunning research
- Pre-audit offensive stress testing
Red Team vs Black Team
| Aspect | Black Team | Red Team | |---|---|---| | Time orientation | Past → Present | Present → Future | | Source | Historical incidents | CTFs, audits, papers, original research | | Goal | Map known patterns | Discover unknown patterns | | Output | "This happened before" | "This could happen next" |
Research Sources
Primary (check weekly)
- CTF Writeups — Paradigm CTF, Ethernaut, Damn Vulnerable DeFi, Capture the Ether
- Audit Reports — Trail of Bits, OtterSec, Neodyme, Halborn, Certora, Zellic, Spearbit
- Academic Papers — arXiv cs.CR, ACM CCS, USENIX Security, IEEE S&P
- MEV Research — Flashbots, Jito Labs, Skip Protocol, MEV Share
Secondary
- Framework Changes — Anchor releases, SPL updates, OpenZeppelin updates
- Language Advisories — RustSec, npm advisories, Solidity compiler bugs
- Formal Verification Findings — Certora rules, Echidna/Medusa campaigns
Attack Development Methodology
Phase 1: Technique Discovery
Scan sources for novel patterns. For each discovery:
- What is the core primitive being exploited?
- Is this a known pattern variant or genuinely new?
- Cross-check against Black Team
references/attack-matrix.md
Phase 2: Weaponization
Transform research finding into concrete attack:
- Identify target surface in protocol code (file:line)
- Determine preconditions (what state is needed)
- Develop attack sequence (step-by-step TX/action plan)
- Estimate impact (funds at risk, protocol disruption)
- Write PoC sketch (pseudocode or test case)
Phase 3: Defense Bypass Research
For each existing defense in target code:
- Read the defense implementation
- Ask: "What assumption does this defense make?"
- Ask: "Can that assumption be violated?"
- Try at least 3 bypass approaches:
- Timing-based (race the defense)
- State-based (reach unexpected state first)
- Composition-based (combine with another operation)
Phase 4: Novel Economic Attacks
Beyond code bugs, explore economic mechanism failures:
- Game-theoretic analysis of protocol incentives
- Multi-agent collusion scenarios
- Cross-protocol composability attacks
- Liquidity crisis cascading models
Technique Categories
T1: Defense Bypass
Techniques to circumvent known patches. See references/bypass-techniques.md.
T2: Composition Attacks
Combining individually safe operations into exploits. See references/composition-attacks.md.
T3: Timing Attacks
Exploiting slot/block/epoch boundaries. See references/timing-attacks.md.
T4: Economic Mechanism Attacks
Game-theoretic and incentive-based exploits. See references/economic-attacks.md.
Report Format
# Red Team Report — {Protocol Name}
## New Techniques Discovered: N
## Existing Defense Bypasses Found: N
## {ID}: {Technique Name}
- **Category**: T1/T2/T3/T4
- **Novelty**: New / Variant of {existing}
- **Source**: {CTF/paper/original research}
- **Target Surface**: {file:line}
- **Preconditions**: {required state}
- **Attack Sequence**: {numbered steps}
- **Impact**: {funds/disruption estimate}
- **PoC**: {code}
- **Defense Recommendation**: {specific fix}
Cycling with Blue Team
Red Team finds → Blue Team fixes → Red Team re-tests (bypass attempts):
Red R1 → Blue fix → Red R2 (bypass) → Blue fix → ... → No bypasses found
On repeat runs: focus exclusively on bypassing new patches.
微信扫一扫