Home

Awesome

CTF Blockchain Challenges

This repository collects blockchain challenges in CTFs and wargames.

These challenges are categorized by topic, not by difficulty or recommendation. Also, there are my writeups and exploits for some challenges (e.g., Paradigm CTF 2022). Please be aware that these contain spoilers.

If there are any incorrect descriptions, I would appreciate it if you could let me know via issue or PR!


Table of Contents


Ethereum

Note:

Smart contract basics

ChallengeNote, Keywords
Capture The Ether: Deploy a contractfaucet, wallet
Capture The Ether: Call mecontract call
Capture The Ether: Choose a nicknamecontract call
Capture The Ether: Guess the numbercontract call
Capture The Ether: Guess the secret numberkeccak256
Ethernaut: 0. Hello Ethernautcontract call, ABI
Ethernaut: 1. Fallbackreceive Ether function
Paradigm CTF 2021: Hellocontract call
0x41414141 CTF: sanity-checkcontract call
Paradigm CTF 2022: RANDOMcontract call
DownUnderCTF 2022: Solve Me
LA CTF 2024: remi's-world

EVM puzzles

ChallengeNote, Keywords
Capture The Ether: Guess the new numberblock.number, block.timestamp
Capture The Ether: Predict the block hashblockhash
Ethernaut: 13. Gatekeeper Onemsg.sender != tx.origin, gasleft().mod(8191) == 0, type conversion
Ethernaut: 14. Gatekeeper Twomsg.sender != tx.origin, extcodesize is 0
Cipher Shastra: Minionmsg.sender != tx.origin, extcodesize is 0, block.timestamp
SECCON Beginners CTF 2020: C4Bblock.number
Paradigm CTF 2021: Babysandboxstaticcall, call, delegatecall, extcodesize is 0
Paradigm CTF 2021: Lockboxecrecover, abi.encodePacked, msg.data.length
EthernautDAO: 6. (No Name)block.number, gas price war
fvictorio's EVM Puzzles
Huff Challenge: Challenge #3
Paradigm CTF 2022: LOCKBOX2
Paradigm CTF 2022: SOURCECODEquine
Numen Cyber CTF 2023: LittleMoneyfunction pointer
Numen Cyber CTF 2023: ASSLOTstaticcall that return different values
Paradigm CTF 2023: Black SheepHuff

Misuse of tx.origin

ChallengeNote, Keywords
Ethernaut: 4. Telephone

Weak sources of randomness from chain attributes

ChallengeNote, Keywords
Capture The Ether: Predict the future
Ethernaut: 3. Coin Flip
DownUnderCTF 2022: Crypto Casino
Paradigm CTF 2023: SkillBasedGame

ERC-20 basics

ChallengeNote, Keywords
Ethernaut: 15. Naught Cointransfer, approve, transferFrom
Paradigm CTF 2021: SecureWETH
DeFi-Security-Summit-Stanford: VToken

Storage overwrite by delegatecall

ChallengeNote, Keywords
Ethernaut: 6. Delegation
Ethernaut: 16. Preservation
Ethernaut: 24. Puzzle Walletproxy contract
Ethernaut: 25. Motorbikeproxy contract, EIP-1967: Standard Proxy Storage Slots
DeFi-Security-Summit-Stanford: InSecureumLenderPoolflash loan
QuillCTF2023: D3l3g4t3
Numen Cyber CTF 2023: Counterwriting EVM code

Context mismatch in delegatecall

ChallengeNote, Keywords
EthernautDAO: 3. CarMarketNon-use of address(this)

Integer overflow

ChallengeNote, Keywords
Capture The Ether: Token salemultiplication
Capture The Ether: Token whalesubtraction
Ethernaut: 5. Tokensubtraction

Ether transfer failures for non-payable contracts

ChallengeNote, Keywords
Ethernaut: 9. King
Project SEKAI CTF 2022: Random SongChainlink VRF

Forced Ether transfers to non-payable contracts via selfdestruct

ChallengeNote, Keywords
Capture The Ether: Retirement fundinteger overflow
Ethernaut: 7. Force

Large gas consumption by contract callees

ChallengeNote, Keywords
Ethernaut: 20. Denial

Forgetting to set view/pure to interface and abstract contract functions

ChallengeNote, Keywords
Ethernaut: 11. Elevatorinterface

view functions that do not always return same values

ChallengeNote, Keywords
Ethernaut: 21. Shop

Mistakes in setting storage and memory

ChallengeNote, Keywords
N1CTF 2021: BabyDefiCover Protocol infinite minting + flash loan

Tracing transactions

ChallengeNote, Keywords
Ethernaut: 17. Recoveryloss of deployed contract address

Reversing states

ChallengeNote, Keywords
Capture The Ether: Guess the random number
Ethernaut: 8. Vault
Ethernaut: 12. Privacy
Cipher Shastra: Sherlock
0x41414141 CTF: secure enclavelog, storage
EthernautDAO: 1. PrivateData

Reversing transactions

ChallengeNote, Keywords
darkCTF: Secret Of The Contract
DownUnderCTF 2022: Secret and Ephemeral

Reversing EVM bytecodes

ChallengeNote, Keywords
Incognito 2.0: Ezkeep in plain text
0x41414141 CTF: crackme.soldecompile
0x41414141 CTF: Crypto Casinobypass condition check
Paradigm CTF 2021: Babyrev
34C3 CTF: Chaingang
Blaze CTF 2018: Smart? Contract
DEF CON CTF Qualifier 2018: SAG?
pbctf 2020: pbcoin
Paradigm CTF 2022: STEALING-SATS
Paradigm CTF 2022: ELECTRIC-SHEEP
Paradigm CTF 2022: FUN-REVERSING-CHALLENGE
DownUnderCTF 2022: EVM Vault Mechanism
EKOPARTY CTF 2022: Bytestack tracing
EKOPARTY CTF 2022: SmartRevmemory tracing
Numen Cyber CTF 2023: HEXPprevious block hash == gas price % 2^24
BlazCTF 2023: Maze
BlazCTF 2023: Jambo
BlazCTF 2023: Ghost
Curta: LanaLLVM

EVM assembly logic bugs

ChallengeNote, Keywords
Project SEKAI CTF 2024: ZooPausable

EVM bytecode golf

ChallengeNote, Keywords
Ethernaut: 18. MagicNumber
Paradigm CTF 2021: ReverPalindrome detection. In addition, the code that inverts the bytecode must also be able to detect palindromes.
Huff Challenge: Challenge #1

Jump-oriented programming

ChallengeNote, Keywords
SECCON CTF 2023 Quals: Tokyo Payload
Paradigm CTF 2021: JOP
Real World CTF 3rd: Re:Montagy

Gas optimization

ChallengeNote, Keywords
Huff Challenge: Challenge #2

Collisions when using abi.encodePacked with variable length arguments

ChallengeNote, Keywords
SEETF 2023: Operation Feathered Fortune Fiasco

Bypassing verifications with zero iteration loops

ChallengeNote, Keywords
SEETF 2023: Murky SEEPassarray length, Merkle proof

Reentrancy attacks

ChallengeNote, Keywords
Capture The Ether: Token bankERC-223, tokenFallback()
Ethernaut: 10. Re-entrancycall
Paradigm CTF 2021: Yield Aggregator
HTB University CTF 2020 Quals: moneyHeist
EthernautDAO: 4. VendingMachinecall
DeFi-Security-Summit-Stanford: InsecureDexLPERC-223, tokenFallback()
MapleCTF 2022: maplebacoin
QuillCTF 2022: SafeNFTERC721, _safeMint()
Numen Cyber CTF 2023: SimpleCallcall
SEETF 2023: PigeonBank
Project SEKAI CTF 2023: Re-RemixRead-Only Reentrancy
SECCON Beginners CTF 2024: vote4bERC721, _safeMint()

Flash loan basics

ChallengeNote, Keywords
Damn Vulnerable DeFi: 1. UnstoppableSimple flash loan with a single token. Failure to send the token directly.
Damn Vulnerable DeFi: 2. NaivereceiverThe flashLoan function can specify a borrower, but the receiver side does not authenticate the TX sender, so the receiver's funds can be drained as a fee
Damn Vulnerable DeFi: 3. TrusterThe target of a call is made into the token and the token can be taken by approving it to oneself
Damn Vulnerable DeFi: 4. SideentranceFlash loan that allows each user to make a deposit and a withdrawal. The deposit can be executed at no cost at the time of the flash loan.

Governance attacks by executing flash loans during snapshots

ChallengeNote, Keywords
Damn Vulnerable DeFi: 5. TherewarderGet reward tokens based on the deposited token balance.
Damn Vulnerable DeFi: 6. SelfieGet voting power in governance based on the deposited token balance.

Bypassing repayments of push architecture flash loans

ChallengeNote, Keywords
Paradigm CTF 2021: UpgradeBypass using the lending functionality implemented in the token

Bugs in AMM price calculation algorithm

ChallengeNote, Keywords
Ethernaut: 22. Dex

Attacks using custom tokens

ChallengeNote, Keywords
Ethernaut: 23. Dex Two

Oracle manipulation attacks without flash loans

ChallengeNote, Keywords
Paradigm CTF 2021: BrokerDistort Uniswap prices and liquidate positions on lending platforms that reference those prices
Damn Vulnerable DeFi: 7. CompromisedOff-chain private key leak & oracle manipulation

Oracle manipulation attacks with flash loans

ChallengeNote, Keywords
Damn Vulnerable DeFi: 8. PuppetDistort the price of Uniswap V1 and leak tokens from a lending platform that references that price
DeFi-Security-Summit-Stanford: BorrowSystemInsecureOraclelending protocol

Sandwich attacks

ChallengeNote, Keywords
Paradigm CTF 2021: FarmerSandwich the trade from COMP to WETH to DAI

Recoveries of private keys by same-nonce attacks

ChallengeNote, Keywords
Capture The Ether: Account Takeover
Paradigm CTF 2021: Babycrypto
MetaTrust CTF: ECDSA

Brute-forcing addresses

ChallengeNote, Keywords
Capture The Ether: Fuzzy identity28 bits, CREATE2
Numen Cyber CTF 2023: Exist16 bits

Recoveries of public keys

ChallengeNote, Keywords
Capture The Ether: Public KeyRLP, ECDSA

Encryption and decryption in secp256k1

ChallengeNote, Keywords
0x41414141 CTF: Rich ClubDEX, flash loan

Bypassing bots and taking ERC-20 tokens owned by wallets with known private keys

ChallengeNote, Keywords
EthernautDAO: 5. EthernautDaoToken

Claimable intermediate nodes of Merkle trees

ChallengeNote, Keywords
Paradigm CTF 2022: MERKLEDROP

Precompiled contracts

ChallengeNote, Keywords
Paradigm CTF 2022: VANITY

Faking errors

ChallengeNote, Keywords
Ethernaut: 27. Good Samaritan

Foundry cheatcodes

ChallengeNote, Keywords
Paradigm CTF 2022: TRAPDOOOR
Paradigm CTF 2022: TRAPDOOOOR

Front-running

ChallengeNote, Keywords
DownUnderCTF 2022: Private Log
DiceCTF 2024: FloordropGeth

Back-running

ChallengeNote, Keywords
MEV-Share CTF: MevShareCTFSimple 1
MEV-Share CTF: MevShareCTFSimple 2
MEV-Share CTF: MevShareCTFSimple 3
MEV-Share CTF: MevShareCTFSimple 4
MEV-Share CTF: MevShareCTFMagicNumberV1
MEV-Share CTF: MevShareCTFMagicNumberV2
MEV-Share CTF: MevShareCTFMagicNumberV3
MEV-Share CTF: MevShareCTFNewContract (Address)
MEV-Share CTF: MevShareCTFNewContract (Salt)CREATE2

Head overflow bugs in calldata tuple ABI-reencoding (< Solidity 0.8.16)

ChallengeNote, Keywords
0CTF 2022: TCTF NFT Market
Numen Cyber CTF 2023: Walletillegal v in ecrecover

Overwriting storage slots via local storage variables (< Solidity 0.8.1)

ChallengeNote, Keywords
Capture The Ether: Donation

Overwriting arbitrary storage slots by setting array lengths to 2^256-1 (< Solidity 0.6.0)

ChallengeNote, Keywords
Capture The Ether: Mapping
Ethernaut: 19. Alien Codex
Paradigm CTF 2021: Bank

Constructors that is just functions by typos (< Solidity 0.5.0)

ChallengeNote, Keywords
Capture The Ether: Assume ownership
Ethernaut: 2. Fallout

Overwriting storage slots via uninitialized storage pointer (< Solidity 0.5.0)

ChallengeNote, Keywords
Capture The Ether: Fifty years
Ethernaut: Lockeddeleted

Other ad-hoc vulnerabilities and methods

ChallengeNote, Keywords
Paradigm CTF 2021: BouncerThe funds required for batch processing are the same as for single processing.
Paradigm CTF 2021: MarketMake the value of one field be recognized as the value of another field by using key misalignment in the Eternal Storage pattern.
EthernautDAO: 2. WalletLibrarym and n of m-of-n multisig wallet can be changed.
Paradigm CTF 2022: RESCUE
Paradigm CTF 2022: JUST-IN-TIME
Paradigm CTF 2022: 0XMONACO
BalsnCTF 2022: NFT Marketplaceinitialize, _safeTransferFrom, CREATE2
Numen Cyber CTF 2023: LenderPoolflash loan
Numen Cyber CTF 2023: GOATFinancecheck sum address
SEETF 2023: Pigeon VaultEIP-2535: Diamonds, Multi-Facet Proxy
corCTF 2023: baby-walletmissing from != to check

Bitcoin

Note

Bitcoin basics

ChallengeNote, Keywords
TsukuCTF 2021: genesisgenesis block
WORMCON 0x01: What's My Wallet AddressBitcoin address, RIPEMD-160

Recoveries of private keys by same-nonce attacks

ChallengeNote, Keywords
darkCTF: Duplicacy Within

Bypassing PoW of other applications using Bitcoin's PoW database

ChallengeNote, Keywords
Dragon CTF 2020: Bit Flip 264-bit PoW

Solana

ChallengeNote, Keywords
ALLES! CTF 2021: Secret Storesolana,spl-token
ALLES! CTF 2021: Legit Bank
ALLES! CTF 2021: Bugchain
ALLES! CTF 2021: eBPFreversing eBPF
Paradigm CTF 2022: OTTERWORLD
Paradigm CTF 2022: OTTERSWAP
Paradigm CTF 2022: POOL
Paradigm CTF 2022: SOLHANA-1
Paradigm CTF 2022: SOLHANA-2
Paradigm CTF 2022: SOLHANA-3
corCTF 2023: tribunal
Project SEKAI CTF 2023: The Bidding
Project SEKAI CTF 2023: Play for Free

Cosmos

CosmWasm

ChallengeNote, Keywords
Oak Security CosmWasm CTF: 1. Mjolnirlogic bug
Oak Security CosmWasm CTF: 2. Gungnirinteger overflow
Oak Security CosmWasm CTF: 3. Laevateinnaddress validation, uppercase
Oak Security CosmWasm CTF: 4. Graminvariant, rounding error
Oak Security CosmWasm CTF: 5. Draupnirmissing return
Oak Security CosmWasm CTF: 6. Hofundflash loan, governance
Oak Security CosmWasm CTF: 7. Tyrfingstorage collision
Oak Security CosmWasm CTF: 8. Gjallarhorn
Oak Security CosmWasm CTF: 9. Brisingamen
Oak Security CosmWasm CTF: 10. Mistilteinn

Application-specific blockchain

ChallengeNote, Keywords
RealWorld CTF 3rd Finals: Billboard

Move

ChallengeNote, Keywords
Numen Cyber CTF 2023: Move to Checkincontract call in Sui
Numen Cyber CTF 2023: ChatGPT tell me where is the vulnerabilityOSINT
Numen Cyber CTF 2023: Move to Crackmereversing Move code and Linux executable
justCTF 2024 teaser: The Otter Scrolls
justCTF 2024 teaser: Dark BrOTTERhood
justCTF 2024 teaser: World of Ottercraft

Cairo

ChallengeNote, Keywords
Paradigm CTF 2022: RIDDLE-OF-THE-SPHINXcontract call
Paradigm CTF 2022: CAIRO-PROXYinteger overflow
Paradigm CTF 2022: CAIRO-AUCTIONUint256
BalsnCTF 2022: Cairo Reversereversing

Other Blockchain-Related

ChallengeNote, Keywords
TsukuCTF 2021: InterPlanetary ProtocolIPFS address, Base32 in lowercase