exploiting-web3-smart-contracts
Audited by Snyk on Mar 21, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes multiple examples that embed API keys directly in URLs and command-lines (e.g., Infura/Alchemy fork URLs and forge/hardhat configs), which encourages inserting real secrets verbatim into generated code/commands and thus poses a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly instructs fetching contract source and transaction data from public third-party endpoints (e.g., the Etherscan API curl examples and public RPC URLs like Infura/Alchemy, plus online tools like Securify), so the agent would ingest untrusted, user-submitted blockchain data and use it to drive exploitation decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). Flagged because the skill's setup explicitly runs remote install scripts (curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash
- and curl -L https://foundry.paradigm.xyz | bash), which fetch and execute remote code as required dependencies.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about interacting with blockchain financial flows: it shows code that sends and withdraws Ether (msg.sender.call{value: ...}, .send, withdraw functions), constructs and executes exploit contracts that transfer funds (attack.attack({ value: ... })), orchestrates flash loans and repay/keep-profit flows, and uses Web3/Ethers/Infura/Alchemy to send transactions and sign messages. These are concrete crypto/blockchain transaction and signing capabilities (moving funds on-chain), so it grants direct financial execution authority.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running system-level installation commands (including "sudo apt install" and piping curl to bash with sudo) and other tooling installs that require elevated privileges and modify the host system, so it pushes the agent to change machine state.
Issues (5)
Insecure credential handling detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Direct money access capability detected (payment gateways, crypto, banking).
Attempt to modify system services in skill instructions.