Secureum A-MAZE-X Maison de la Chimie, DeFi Security Summit
A Smart Contract Security Capture the Flag Workshop
*Hosted by Defi Security Summit as part of Defi Security 101*
Built with love by eugenioclrc, luksgrin, PeterisPrieditis, RomiRand and misirov
Special thanks to patrickd, StErMi, tinchoabbate and Rajeev for reviewing, commenting and helping during the elaboration and design of this CTF Workshop
Instructions
This workshop consists of a series of challenges of increasing difficulty, targeting different concepts and common vulnerabilities found in DeFi. The challenges are suitable for different levels of expertise.
Flavors
This workshop provides different flavors. Feel free to use the one you feel more comfortable with:
Important note
This set of challenges isn't meant for competitive purposes. Its main objective is to showcase scenarios involving DeFi, Solidity concepts and common vulnerabilities.
Focus on learning and having fun!
How to play
This challenge is intended for users who are very familiar with Solidity and do not want to use additional languages.
The following tutorial will guide you through installing and setting up Foundry.
Clone this repository
Run the commands below to clone this repository onto your local machine and enter it:
git clone https://github.com/secureum/AMAZEX-DSS-PARIS.git
cd AMAZEX-DSS-PARIS
Install Foundry
(if you don't have Foundry already installed)
Run the command below to get foundryup, the Foundry toolchain installer:
curl -L https://foundry.paradigm.xyz | bash
Then, in a new terminal session (or after reloading your PATH environment variable), run foundryup to get the latest forge and cast binaries:
foundryup
And finally, install the repository's dependencies by entering it and running:
forge install
Note that you might have to restart your terminal for the forge command to become available.
At this point you should be all set. If not, check Foundry's installation troubleshooting.
Solving a challenge
Challenge contracts are located in the subdirectories of the src/ directory. Do not modify them, as doing so may lead to unexpected behavior within the challenges.
To solve a challenge, open the corresponding test/ChallengeX.t.sol (where X is a number) and add your exploit code in the marked areas of that file.
Then, to check whether the challenge has been solved, execute the following command:
forge test --match-path test/ChallengeX.t.sol
If the solution criteria have been met, it will display the following message:
Running 1 test for test/ChallengeX.t.sol:ChallengeXTest
[PASS] testChallenge() (gas: XXXX)
Test result: ok. 1 passed; 0 failed; finished in XXXms
Alternatively, to check whether all challenges have been solved, execute the following command:
bash isSolved.sh
which will return the test results for all challenges in order.
For more detailed output (i.e. to see the logged messages), increase the verbosity with -vvvv, for example:
forge test --match-path test/ChallengeX.t.sol -vvvv
Challenges
- Challenge 1: Operation magic redemption
- Challenge 2: Mission Modern WETH: Rescue the Ether
- Challenge 3: LendEx pool hack
- Challenge 4: Operation Rescue POSI Token!
- Challenge 5: Balloon Vault
- Challenge 6: Safe Yield?
- Challenge 7: Crystal DAO
- Challenge 8: Liquidatoooor
Slides
Find the slides of the event's presentation here.
CTF Writeup
Writeups will be available after the event.