Collaborative Testing with Phalcon Fork

"Damn Vulnerable DeFi" on Phalcon Fork

Understanding Phalcon Fork

​Phalcon Fork is a specialized tool designed for Web3 developers and security researchers to conduct collaborative testing with private mainnet states. It allows users to create a Fork from any mainnet state and send transactions to the Fork via an RPC endpoint. This innovative tool has two key features that set it apart from other platforms.

  • Firstly, it offers the ability to browse all transactions and, more crucially, debug them using the Phalcon Explorer.

  • Secondly, it boasts an internal block browser named Phalcon Fork Scan, akin to Etherscan, facilitating easier viewing of transactions and accounts within the Fork.

You can access Phalcon Fork at

In essence, Phalcon Fork is a private testnet that syncs with the mainnet. With its integrated features, such as the Phalcon Explorer and internal block browser, it significantly enhances user experience.

Applications of Phalcon Fork

Phalcon Fork is an ideal tool for collaborative testing or demonstrations. For better clarity, this section will describe how it can be utilized effectively in public testing scenarios.

Collaboration Among Developers

Effective collaboration among developers is key during protocol development, especially when debugging the protocol. This becomes even more challenging when developers are scattered globally, making debugging a transaction that triggers a protocol's corner case difficult.

Phalcon Fork simplifies this process by enabling the creation of a private testnet where transactions can be executed. Developers can collectively use Phalcon Explorer to debug transactions, making it a more streamlined process than using local debug environments like Foundry and Hardhat.

Collaboration Among Developers and Users

Public testing is essential when introducing a new protocol as it requires thorough testing. This includes user-based testing. One option is to deploy the protocol on a testnet, allowing users to issue transactions to the testnet via MetaMask.

However, using a testnet presents the challenge of unsynchronized states with the mainnet. Furthermore, dependent protocols may not exist in the testnet, complicating the testing process. Phalcon Fork offers a solution to these issues by enabling a protocol to create a Fork from the mainnet and share the RPC with users. Users can then import the RPC into MetaMask to interact with the protocol. All test transactions can be displayed using Phalcon Scan, mirroring Etherscan's functionality.

Moreover, to prevent abuse of the Fork, protocols can implement measures such as allowing only addresses included in an allow list to issue transactions.

Implementing "Damn Vulnerable DeFi" on Phalcon Fork

Damn Vulnerable DeFi serves as a learning platform for understanding the offensive security of DeFi smart contracts in Ethereum. The original version relies on Hardhat (and Foundry) and can only be used locally.

With Phalcon Fork, we can create a Fork for each challenge, thereby enabling an enhanced online learning experience. In the next section, I will use the Foundry version (with some alterations to the deployment script) and the second challenge (Native receiver) to illustrate this.

Create a Fork and Deploy the Challenge

We initially created a Fork. Next, we deploy the challenge into this Fork, which involves deploying vulnerable contracts. The deployment script is shown in the Github repository.

Then using the following command to deploy the challenge.

forge script script/NaiveReceiver.deploy.sol --broadcast --rpc-url [FORK_RPC] --verify --verifier-url '[RPC_ID]' -vvvv --etherscan-api-key [API_KEY]

The FORK_RPC, RPC_ID and API_KEY can be obtained according to this document.

Note that, I do not make the transactions inside this Fork private. So everyone can browse the transactions and contracts inside this Fork through the following URL.

Of course, the transactions inside a Fork can be private to only project members by turning on the following configuration in Fork's Settings.

We can visualize the deployed contracts and the verified contract’s source code. Moreover, we can view the transaction list within the Fork.

Solve the Challenge

To solve the challenge, we deploy an Attacker contract, followed by issuing the attack transaction.

The source code of the Attacker contract and the script to issue the attack transaction is in the Github repository.

forge script script/NaiveReceiver.attack.sol --broadcast --rpc-url [FORK_RPC]


Phalcon Fork allows for the creation of a private testnet synced with the mainnet. The created Fork can be accessed using RPC and is compatible with development frameworks. The inclusion of tools such as the Phalcon Explorer and internal block scanner enables the development of more complex scenarios.

Last updated