Awesome
Blaz CTF 2023
This repo contains the infrastructure & challenges for the Blaz CTF in 2023. The infrasturcture is built on top of kCTF.
Directory:
infrastructure
: Contains the infrastructure code forked from paradigm-ctf-infrastructure with some modifications.challenges
: Challenges code and environment setup.solutions
: Solutions for the challenges.
How launch the challenge locally?
- cd into
infrastucture/paradigmctf.py
and rundocker-compose up -d
to start the infra servers. - cd into
challenges/<challenge_name>/challenge
and rundocker-compose up -d
to start the challenge server. - nc localhost 1337 to manage instance.
Remember to delete existing instance before you switch to another challenge.
Challenges
Below is the list of challenges and authors' solution.
Hello World
By tonyke (@tonyke_bot) / 9 Points
Description:
Tony heard about Ethereum and decided to explore. Soon, he discovered an interesting transaction: 0xe19bd1067cbdc46d6fdb8b374e3ca384c32fd88e1413a9434e03c36b36924877
Solution: https://github.com/fuzzland/blaz-ctf-2023/blob/main/solutions/hello-world.md
Rock Scissor Paper
By tonyke (@tonyke_bot) / 99 Points / Handouts
Description:
Tony found out average salary of smart contract developers could reach millions of dollars. He started to learn about Solidity and deployed his first ever smart contract of epic rock scissor paper game!
Solution: https://github.com/fuzzland/blaz-ctf-2023/blob/main/solutions/rock-paper-scissor.md
Eazy NFT
By doudou (@i0xAWM) / 111 Points / Handouts
Description:
NFT market was slowly booming and Tony's friends were showing off their NFT holdings. Tony had finally whitelisted a NFT project, he's anxiously waiting for minting his first NFT.
Solution: https://github.com/fuzzland/blaz-ctf-2023/blob/main/solutions/eazy-nft.md
Hide on Bush
By tonyke (@tonyke_bot) / 286 Points / Handouts
Description:
Tony wanted to buy Azuki NFT with ETHs but he only had USDT. He gave Uniswap a try to swap for some ETHs. He had no idea about slippage and set it to 100. Tony later discovered that he recived no ETHs. He cried all day.
Solution: https://github.com/fuzzland/blaz-ctf-2023/blob/main/solutions/hide-on-bush.md
Missing
By doudou (@i0xAWM) / 383 Points / Handouts
Description:
Tony is dizzy by Web3's various projects and technologies. He needs to clear his veins. Let's see what he will do.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/missing
Lockless Swap
By shou (@shoucccc) / 165 Points / Handouts
Description:
With all his fancy onchain games built, Tony got successfully hired by Pancakeswap. He was in charge of reducing gas cost when swapping tokens. One day, he figured reentrancy lock keeps writing storage, which is quite costly. He secretly removed the lock, handed to CertiK for audits, and deployed the new gas-savvy Pancakeswap V2.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/lockless-swap
Ketai
By shou (@shoucccc) / 253 Points / Handouts
Description:
Tony got fired from Pancakeswap. To pay his rents, Tony started to build shitcoins. Here is his first shitcoin Ketai. Luckily, Tony was friend of CZ and secured $5m investment for Ketai.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/ketai
Tornado Crash
By Hanzhi (Riema Labs) @MisakaCenter / 478 Points / Handouts
Description:
Ether price plummeted. Tony figured Ethereum would die shortly. After his friends told him ZK was going to be the next hot spot, Tony started to learn ZK. However, he was so bad at math that he couldn't even understand simple concepts. To get hired as a ZK engineer, Tony deployed an ancient ZK protocols to the chain, claiming it is built by him.
Note: This challenge uses the same code as <a href="https://github.com/barryWhiteHat/miximus">Miximus</a> with <a href="https://drive.google.com/file/d/1OMziktfWAvCr-twkNl74IxAay6YEis7R/view?usp=sharing">this proving key</a>
Solution: N/A
Cup of Tea
By yype (@_yype) / 405 Points / Handouts
Description:
Tony got some $sui from his friend Shou. He decided to contribute to the ecosystem. Here is his first ever Move module built.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/cup-of-tea
Saluting Ducks
By shou (@shoucccc) / 405 Points / Handouts
Description:
All Tony's shitcoins got hacked. Liquidity providers of those shitcoins sued Tony.
To reimburse the liquidity providers, Tony built a GameFi about ducks (ducks are the cutest animal!)
Hint 1: What happens when you compare values of different types in JS?
Hint 2: To solve this challenge, you need to leverage different JS features / common vulnerabilities.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/saluting-ducks.md
Be biLlionAireS Today
By shou (@shoucccc) / 253 Points / Handouts
Description:
Tony led the tech team for a shady Ethereum L2. He assured the CEO that a multi-signature wallet architecture would help protect user funds. He claimed private keys of multisig owners were stored in different hardware wallets and tattooed under his feet so it is super safe.
Note: This challenge runs on fork of Ethereum. Tony added three additional addresses to the multisig:
- 0x6813Eb9362372EEF6200f3b1dbC3f819671cBA69
- 0x7E5F4552091A69125d5DfCb7b8C2659029395Bdf
- 0x2B5AD5c4795c026514f8317c7a215E218DcCD6cF
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/be-billionaire-today.md
Maze
By publicqi (@publicqi) / 195 Points / Handouts
Description:
Tony made billions $ from rug pulling. He bought an island in Fiji, started to study philosophy, and devoted to learning labyrinth.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/maze
Ghost
By Robert Chen (OtterSec) @notdeghost / 274 Points / Handouts
Description:
"Memory cannot be defined, yet it defines mankind."
Solution: N/A
Jambo
By publicqi (@publicqi) / 158 Points / Handouts
Description:
Tony went crazy. No one knows what he has deployed on Ethereum.
Solution: https://github.com/fuzzland/blaz-ctf-2023/tree/main/solutions/jambo