A ResearchZero Training Lab

Web3 Security Training Platform.

WEB3PWN is the hands-on Web3 security academy from ResearchZero. Train across Ethereum & Solidity and Canton & DAML by breaking vulnerable contracts, ledgers, authorization models, and workflow assumptions.

Current Route Ethereum & Solidity / Canton & DAML

Move from network fundamentals to exploit development, authorization failures, privacy boundaries, and state-integrity bugs.

// Solidity exploit lab
function attack() external payable {
  target.deposit{value: msg.value}();
  target.withdraw();
}

-- DAML authorization lab
template Asset
  with owner : Party
  where signatory owner
Preview of the WEB3PWN browser lab showing Ethereum and Solidity plus Canton and DAML academy tracks.

Learn Security by Breaking Assumptions

The academy is focused on practice first. Start with Ethereum and Solidity, then move into Canton and DAML security models.

Multi-Track Academy

Follow dedicated learning trees for Ethereum & Solidity and Canton & DAML, with modules that build from fundamentals to security boundaries.

Browser-Based Labs

Read targets, write code, and run validations directly in the browser. No local setup, wallet, or testnet ceremony.

Sandboxed Execution

Labs run in isolated server-side environments, including EVM and DAML-capable sandboxes, so practice stays reproducible and contained.

Security-First Curriculum

Train on authorization, availability, state integrity, privacy, reentrancy, upgradeability, signatures, randomness, and gas behavior.

Ranks & Leaderboard

Earn points for solved labs, track progress through rank tiers, and compare your progress on the global leaderboard.

ResearchZero Lab

Built as a practical ResearchZero training environment for people who need to reason about Web3 systems under adversarial pressure.

Ethereum & Solidity. Canton & DAML. One Lab.

The academy is organized as two security trees: EVM smart contract exploitation and Canton/DAML application security.

Ethereum & Solidity

Start with Ethereum network basics and Solidity language foundations, then move toward real exploit development in the EVM track.

Track 01

EVM Core Security

Break access control, tx.origin assumptions, and weak randomness patterns that appear in smart contract systems.

Core Security

Intermediate EVM Attacks

Practice reentrancy, denial of service, and signature verification failures by writing code that proves the bug.

Intermediate

Advanced EVM Topics

Dig into upgradeability, proxy storage behavior, and gas optimization as security-relevant engineering constraints.

Advanced

Canton & DAML

Learn Canton as the synchronization layer and DAML as the contract language for multi-party workflows and private ledgers.

Track 02

DAML Foundations

Understand templates, choices, signatories, observers, controllers, keys, and the ledger model before attacking mistakes.

Start Here

DAML Core Security

Break authorization, availability, keys and uniqueness, and state-integrity assumptions in ledger applications.

Core Security

DAML Boundaries

Inspect off-ledger integration, privacy, and time-boundary failures where ledger logic meets real workflows.

Boundaries

Start Your First Lab in 3 Minutes

No local toolchain required. Sign up, pick an academy track, and start reasoning against real code and workflow targets immediately.

Choose a Track

Browse the Ethereum & Solidity tree or the Canton & DAML tree. Each path is organized by security topic, difficulty, and prerequisite knowledge.

Write the Proof

Study the vulnerable target, identify the broken assumption, and write the Solidity exploit or DAML-focused answer directly in the browser.

Execute & Verify

Hit execute. The platform runs the track-specific validation in an isolated environment and marks the lab solved when your proof satisfies the objective.

See the Platform in Action

Track rank, solved labs, skill progress, season missions, and latest solves from the same dashboard used in the app.

Navigate academy trees for Ethereum & Solidity and Canton & DAML, from foundations to advanced security boundaries.

Read source material, spot the broken assumption, write the proof, and run validation without leaving the browser.

WEB3PWN dashboard with rank, progress, recent solves, and academy stats
WEB3PWN Academy with skill-tree cards for security modules
WEB3PWN lab editor with source material, code, validation output, and solved status

Pick the System You Want to Break Down

The academy follows the same track model as the app: one path for public EVM contracts, one path for Canton and DAML workflows, and missions for integrated practice.

Why Web3 Security Needs Practice

Different Chains, Same Security Discipline

Ethereum applications expose public contract state, external calls, gas constraints, and transaction ordering. Canton and DAML applications introduce a different set of questions around parties, visibility, authorization, privacy, uniqueness, and synchronization boundaries.

WEB3PWN treats those as practical systems to reason about. You move through focused modules, read source material, and validate your understanding in sandboxed labs instead of stopping at theory.

Built Around the App Experience

The same workflow carries from the public page into the app: choose a track, study the target, submit your proof, and use the validation feedback to tighten your reasoning.

Whether you are preparing for smart contract audits, learning DAML application security, or practicing for Web3 security assessments, WEB3PWN keeps the work close to code, validation, and repeatable feedback.

Frequently Asked Questions

What is WEB3PWN?

WEB3PWN is an interactive Web3 security training platform from ResearchZero. It teaches Ethereum & Solidity and Canton & DAML through hands-on browser labs, exploit exercises, and progressive academy tracks.

Do I need prior Solidity or DAML experience?

No. WEB3PWN includes foundation modules for Ethereum, Solidity, Canton, and DAML before the deeper security modules. Basic programming knowledge helps, but the tracks are designed to build progressively.

Do I need to install anything locally?

No. The platform is browser-based. You read the target material, write code in the online editor, and run validation in a sandboxed server environment. No local toolchain, wallet, or gas fees are required.

How do the academy labs work?

Each lab presents a target, source material, and a clear security objective. Depending on the track, you work through Solidity exploit code, Ethereum assumptions, or Canton and DAML authorization, privacy, availability, and workflow scenarios.

What academy tracks are covered?

The academy currently includes Ethereum & Solidity and Canton & DAML. The Ethereum path covers network basics, Solidity, access control, tx.origin, randomness, reentrancy, denial of service, signatures, upgradeability, and gas optimization. The Canton and DAML path covers Canton, DAML foundations, authorization, availability, keys and uniqueness, state integrity, off-ledger integration, privacy, and time boundaries.

What are Canton and DAML?

DAML is a smart contract language for multi-party workflows. Canton is the synchronization layer that lets independent DAML participants coordinate transactions while preserving privacy and local control.

Is WEB3PWN free?

Yes, WEB3PWN is free to use. Create an account and start the academy tracks from the browser.

How is WEB3PWN different from Ethernaut or Damn Vulnerable DeFi?

WEB3PWN runs in the browser and combines a progressive academy, rankings, and a leaderboard. It also goes beyond EVM smart contract exploitation by adding Canton and DAML security material alongside Ethereum and Solidity.

Ready to Start Your First Web3 Security Lab?

Start with Ethereum and Solidity fundamentals, or move into Canton and DAML security models when you are ready.