← Back to ZeroDay Dev

Docs

Stats, filters, badges, and how things work in the app.

Stats

Your progress is tracked locally on your device. No account required.

XP — Earn XP for each question you answer correctly. Use XP to unlock Advanced content and track your level.

Practice

3 XP per correct answer.

Exam

Base 10 XP per correct answer.
Speed bonus: +5 XP if you answer in under half the time.
Combo: 1.5× at 3 correct in a row, 2× at 5 correct in a row.
Difficulty multipliers: Easy 1×, Medium 1.25×, Hard 1.5×, Advanced 2×.
Length bonuses: Quick +10, Medium +25, Long +75.

Lightning Round

Base XP per correct answer.
+15 XP for 5+ correct.
+25 XP for 8+ correct.
+50 XP for beating your record.

Streaks — Complete at least one Practice or Exercise question per day. Streaks reset if you miss a day.

2 XP/day (1–2 days).
4 XP/day (3–4 days).
5 XP/day (5–9 days).
15 XP/day (10+ days, max).

Level tiers

Beginner (0–999).
Intermediate (1,000–2,999).
Expert (3,000–4,999).
Master (5,000+).

Home screen — Total XP, streak count, and questions answered are shown at a glance. Progress is stored locally and never leaves your device unless you use optional sync.

ZeroDay Dev home screen showing XP, streak, and Practice/Exam options

Filters

In Practice, tap Show filters to narrow which questions you see.

Domain — Filter by topic: Exploits, Solidity, Rust, DeFi, Solana, and more.
Difficulty — Filter by difficulty (e.g., Advanced). Advanced questions require enough XP to unlock.

Tag toggles — In addition to Domain and Difficulty:

Grandma — Show only Grandma (beginner-friendly) questions.
Real World — Show only questions tied to real-world exploits and incidents.

Filters affect which questions are shown in the queue. Clear filters to see the full question set again.

Why am I seeing only a few Advanced Exploits questions? Some question pools are hidden by Settings toggles. If Show Real World filter or Show Grandma filter is off, Practice and Exercises may cycle through a much smaller pool.

When Practice or Exercises says you've completed all questions and begins cycling, your active Settings toggles may be narrowing the pool. For the largest pool, enable Show Real World filter (and Show Grandma filter if needed) in Settings, then keep domain, difficulty, and tag filters broad (e.g., Tag = Any).

Settings with filter toggles (Real World, Grandma, Bookmark)

Badges

Badges reward consistency and milestones.

Streak badges — Earn badges for maintaining streaks (e.g., 7-day, 30-day).
XP milestones — Level up and unlock badges as you accumulate XP.
Domain badges — Earn a "Domain Certified" badge (e.g. "Rust Certified") by completing 3 exams with 80%+ in the same domain. Domain-specific exams only (not Random or Lightning Round).
Special badges — First exploit solved, exam completion, and other achievements.

View your badges in the More tab.

Domains

Content is organized by domain. Each domain covers a specific area. Below is a breakdown of what you'll find in each.

Exploits (real-world browse)

The Exploits tab lets you browse real-world incidents by protocol, date, and amount. Tap an incident to see its summary, then jump into the practice flow and exercises for that exploit. It's separate from generic Practice—here you're exploring verified incidents first, then drilling into them.

Exploits

Real-world exploit patterns and incident analysis. Learn from verified incidents.

Reentrancy — Classic, cross-function, read-only; checks-effects-interactions; reentrancy guards.
Oracle manipulation — Spot price manipulation, TWAP bypass, thin liquidity feeds (bZx, Cream, Moonwell, Fuse).
Flash loans — Governance takeover (Beanstalk), share-price inflation (Indexed Finance), collateral manipulation.
Proxy races — Uninitialized proxy takeover (Sigma.Money, Polygon clone wallets), CPIMP front-run.
Real incidents — Beanstalk (~$76M), Indexed Finance (gulp), bZx (Feb 2020), VeilCash (Groth16), Sigma.Money (proxy backdoor), Yearn yETH (solver divergence), Bybit (~$1.5B signing UI spoofing), Truebit (overflow), and 30+ more. Solana: Pump.fun bonding curve, Wormhole sysvar spoofing, Jito MEV, web3.js NPM backdoor, Token-2022 delegate/recursion, Loopscale RateX, stake pool semantic bug, x402 signature bypass, and more.

Solidity

Smart contract security, EVM concepts, and upgradeable patterns.

Proxies — Transparent proxy, UUPS, beacon proxy, diamond (EIP-2535); routing, selector clash (CVE-2023-30541), upgrade freeze.
Storage collisions — Slot derivation, EIP-1967, delegatecall storage; __gap for upgrades; diamond storage namespacing.
OpenZeppelin — Upgradeable contracts, initializer pattern, UUPS security, Multicall msg.value, ERC2771 meta-transactions.
Core security — Reentrancy, tx.origin phishing, checks-effects-interactions; mapping slot layout (keccak256); constructor vs initialize.
Standards — ERC-4626 vault rounding, EIP-712 signing, ERC-2981 royalties; abi.encode vs abi.encodePacked collision risks.

Rust

Memory safety, ownership, borrowing, and systems programming.

Ownership & borrowing — Move semantics, references, lifetimes, interior mutability.
Error handling — Result, Option, unwrap vs expect; propagation.
Async & concurrency — Tokio, futures, pin/unpin; Axum, Tower middleware.
CLI & tooling — Clap, stdin/stdout, pipes, JSON processing.

DeFi

Protocol mechanics, AMMs, lending, and oracle design.

AMMs — Constant-product, StableSwap, Uniswap V3/V4; price impact, impermanent loss, LVR.
Lending — Collateral, liquidation, health factor; oracle design tradeoffs.
Oracles — TWAP variants (arithmetic, geometric, tick-accumulator), spot vs median; liquidity checks.
Vaults — Share pricing, ERC-4626, rounding; solver convergence (Yearn yETH).

Solana

Solana-specific security and program patterns.

Account model — PDAs, seeds, bump; rent exemption; CPI, signer checks.
Security — Account validation, type cosplay, reinitialization; signer verification (ed25519, secp256k1).
Anchor — Constraints, discriminators, zero-copy accounts.
Real incidents — Pump.fun bonding curve, Wormhole sysvar spoofing, Jito sandwich MEV, web3.js NPM backdoor, Token-2022 (Permanent Delegate, ExtraAccountMetaList, direct execute), Loopscale RateX, owner field reassignment, CPI state staleness, stake pool semantic bug, x402 signature bypass, web3.js DoS. 13 Solana exploits covered across Practice, Exercises, and glossary.

Trading Strategies

Execution risk, counterparty risk, and strategy design.

Execution — Slippage, liquidity, MEV; delta-neutral, arbitrage, market making.
Real-world context — Bybit custody risk, GMX share-price manipulation, oracle spikes (Moonwell/Fuse).

Other domains

Dev Concepts — CLI tools, system design, CS fundamentals.
Cybersecurity — Network security, web security (OWASP), lab setup (Burp, Kali).
Machine Learning — Deep learning, NLP, RL, MLOps, AI safety.
ZK Proofs — SNARKs, STARKs, circuits, Groth16 trusted setup, rollups.

Use filters to focus on one domain or mix them for variety.

Ops & scenarios

Ops runs narrative scenarios: timed, consequence-based sessions. An intro leads into chapters—each chapter combines narrative text with questions. If you fail, you see the consequence, then a debrief with XP and badges. Scenarios are structured runs, not one-off questions.

War Rooms

War Rooms are a scenario flavor: real-incident–style timelines with high pressure. Optional in-session chat can be enabled. They use the same Ops structure (chapters, consequences, debrief) but with a distinct, incident-response feel.

Practice

Practice mode lets you build exploit intuition through quick, interactive questions. No reading docs—just tap, drag, or select.

Question types:

Tap-to-highlight — Tap the vulnerable line, panicking line, or correct answer in code.
Multiple choice — Select the correct answer from options.
Fill-in-the-blank — Drag tokens into slots to complete code or definitions.
Drag-to-order — Arrange blocks in the correct execution order.
Match pairs — Match terms to definitions (e.g., exploit → vulnerability class).
Swipe — Swipe left/right to classify (e.g., exploit vs. safe).

Practice exercises — Multi-step exercises appear in Practice mode. Each step is revealed after you answer the previous one. Tap the vulnerable line → explain why → select the correct fix. Partial XP is awarded per correct step. Advanced exercises require 5,000 XP to unlock.

Grandma Questions

Grandma questions are simple introductions to concepts. They're designed for newcomers—explainable to someone without prior knowledge. Use them to get your bearings in a domain before tackling harder material.

They're typically Easy difficulty, single-step, and available across domains (Rust, DeFi, Solidity, and more). Filter by the Grandma tag in Practice to focus on them. Answer all Easy Grandma questions correctly to unlock Grandma's House. Grandma's House is a special theme (warm cookie-style palette) you can select in Settings once unlocked. Advanced Grandma is a separate, harder tier gated by the Advanced Grandma Challenge.

Exercises

Exercises are full code challenges with reference solutions. Deeper dives when you're ready.

Multi-step — Same format as Practice exercises: step 1 (tap vulnerable line), step 2 (why vulnerable), step 3 (correct fix).
Reference solution — After completing an exercise, you can view the full reference solution.
Difficulty — Filter by Easy, Medium, Hard, or Advanced. Advanced is gated by XP.

Exam

Exam mode prepares you for real security assessments. Timed tests across domains with performance tracking.

Standard exam — Set number of questions, timed. Choose domain(s) and difficulty.
Lightning round — Timed sprint with interactive-only questions (tap, swipe, drag, matching; no multiple choice).
- Duration options: 45, 60, or 90 seconds (configurable in Settings).
- No feedback during the round; feedback only at the end.
- Skip counts as wrong but does not deduct XP.
- Beat your best score for a 50 XP bonus.
Grading — Letter grades (A, B, C, D, F) based on accuracy and time.
Domain badges — Complete exams in a domain to earn topic-specific badges.
Advanced tier — Unlock Advanced difficulty in Exam mode at 5,000 XP.

Choose your domain, difficulty, and exam length. Lightning Round duration (45, 60, or 90 seconds) is configurable in Settings, where you can also choose your theme.

Exam setup screen with domain and difficulty options

Challenges

Special challenges unlock new content and prove your skills.

Advanced Challenge — Solve a timed puzzle to unlock Advanced difficulty questions. Wrong answer costs XP and triggers a multi-hour cooldown before you can try again. Requires correct reasoning; no spoilers.
Advanced Grandma Challenge — Answer all Advanced Grandma questions correctly to earn the Grandma's Favorite badge and unlock Advanced Grandma content.
XP gates — Advanced content (5,000 XP) and Advanced Grandma are gated by progression. Build foundations first.
Answer flexibility — Challenge answers use fuzzy matching. Multiple valid phrasings are accepted for each question, so you don't need to match a single exact string. Minor variations in wording or spelling may still be marked correct.

EIP Atlas

Searchable ERC and EIP standards. Browse by number or keyword. Each standard can link to "practice this EIP"—questions and exercises that drill that specific standard.

Protocol Patterns

DeFi architecture layers and invariants. Browse patterns (lending, AMM, vault, etc.) and "practice this pattern" to reinforce the design and its failure modes.

Glossary

The app includes a built-in glossary of security and DeFi terms. Access it from the More tab.

Domain filter — Filter glossary terms by domain (Exploits, Solidity, DeFi, etc.).
Search — Find terms by keyword.
Related terms — Cross-links between related concepts.
Foundations toggle — Show or hide foundational/prerequisite terms.
Exploit glossary — Reentrancy (classic, cross-function, read-only), oracle manipulation, flash loans, proxy races, share-price inflation, governance takeover, and other vulnerability classes. Definitions include real-world examples (TheDAO, bZx, Beanstalk, Indexed Finance, Cream, Euler, Sigma.Money).
Foundational terms — Perpetuals, leverage, margin, funding rate, and core DeFi concepts.
In-context — Questions with term and term_definition show the definition in the feedback. A glossary hint may appear when viewing feedback with term definitions.

Glossary with exploit and security terms

On-chain User Feedback

You can submit feedback on-chain via WalletConnect. Your feedback is stored permanently on Base (default) or Ethereum.

Connect & Send — Tap "Connect & Send via WalletConnect" in the feedback flow. Connect your wallet, approve the pre-filled transaction.
Chains — Base (chain ID 8453) is the default. Ethereum is also supported.
Contract addresses
- Base: 0x026221f3bbeb81CF82867E7078Ca950Ad62ffcAD (Basescan)
- Ethereum: 0xB78997C1c6221D9194a31Dc53ea6cbE3241dD93b (Etherscan)
View feedback — Use the links above to view all submitted feedback (FeedbackSubmitted events) on each contract.
Copy calldata — If WalletConnect isn't available, you can copy the calldata and open your browser wallet to send manually.

Each submission emits a FeedbackSubmitted event with your message, app version, feedback type, and timestamp—visible on block explorers.

On block explorers, each submission appears as a FeedbackSubmitted event:

FeedbackSubmitted event on block explorer showing decoded message, sender, appVersion, feedbackType, and timestamp

ZeroDayDev.dev