An interactive, browser-based platform for learning Ethereum smart contract security through hands-on exploitation and fixing of real vulnerabilities.
Let's make Web3 secure! Join Discord
Security Playground teaches developers about common smart contract vulnerabilities in a safe, sandboxed environment. Learn by exploiting vulnerable contracts, understanding attack vectors, and implementing fixes.
- Browser-based Monaco Editor with Solidity syntax highlighting
- In-browser EVM for compiling and deploying contracts
- 8 interactive security modules covering real-world vulnerabilities
- Step-by-step learning path from exploitation to remediation
- Dark/Light mode support
- Reentrancy Attacks
- Access Control Misconfigurations
- Integer Overflow/Underflow
- Unchecked External Calls
- TX-Origin Authentication
- Denial of Service (DoS)
- Storage Collisions
- Front-Running
- Node.js 18+
- npm or yarn
git clone https://github.com/mirmohmadluqman/security-pg.git
cd security-pg
npm install
npm run devOpen http://localhost:3000 in your browser.
- Select a security vulnerability module
- Study the vulnerable smart contract code
- Run the exploit to see the vulnerability in action
- Fix the code to patch the vulnerability
- Verify your fix by running the exploit again
- Next.js 15.3.5
- TypeScript
- Tailwind CSS
- Monaco Editor
- solc-js
- shadcn/ui
GPL-3.0 License - see LICENSE file for details.
Mir Mohmmad Luqman
Full-stack blockchain developer passionate about smart contract security and Web3 education.
- GitHub: @mirmohmmadluqman
- Portfolio: mirmohmmadluqman.github.io/portfolio
- Email: Available on GitHub profile
This tool is for educational purposes only. The vulnerable contracts shown are intentionally insecure and should never be deployed to production environments.