How to Find Web3 Vulnerabilities Using Real Exploit Case Studies | Workshop with Glider

We take real-world smart contract exploits and convert their root causes into reusable detection logic that can uncover the same vulnerability patterns in other protocols. Instead of asking: “Why did this protocol get hacked?” We ask: “How can we systematically find this weakness elsewhere before it’s exploited?” ⸻ 🔍 What You’ll Learn • How to decide which exploits are worth modeling into detection patterns • What makes a vulnerability “query-friendly” • How to extract the real signal from an exploit write-up • Translating exploit mechanics into structured detection logic • How abstract vs specific your detection logic should be • How to avoid overfitting to one single incident • Common mistakes researchers make when modeling exploits • How to think in vulnerability patterns instead of exploit narratives ⸻ 🧪 Case Studies Covered We break down two real incidents: • MorningStar — Swap logic with no slippage checks • Oracle-based exploit — Unsafe use of price feeds inside swap logic For each case, we: 1. Identify the root vulnerability 2. Separate noise from signal 3. Build reusable detection logic 4. Discuss tradeoffs, debugging, and validation ⸻ 🧠 Who This Is For This workshop is designed for: • Smart contract security researchers • DeFi auditors • Bug bounty hunters • Web3 developers who want to understand exploit patterns • Anyone learning how to think in structured detection logic If you’re trying to move from “reading exploit postmortems” to actually building systems that detect vulnerability classes — this session is for you. -------- ⭐ GLIDER CONTEST: https://r.xyz/glider-query-database Glider IDE: https://glide.r.xyz/ Remedy platform: https://r.xyz/ Remedy Discord Server: https://discord.com/invite/HW7c6dFC5B