Home

Awesome

PuzzleBox CTF

Do you have what it takes to unlock this devious solidity puzzle box? You will need to demonstrate your understanding of the EVM, solidity, and smart contract vulnerabilities and chain them together in an exact sequence to get inside. How far can you get?

Setup

# clone this repo
git clone git@github.com:dragonfly-xyz/puzzlebox-ctf.git && cd puzzlebox-ctf
# install foundry
forge install
# run/check your solution
forge test -vvvv

PuzzleBox Design

architecture diagram

Puzzlebox instances use a familiar proxy pattern, with the main logic contract being PuzzleBox and the proxy contract being PuzzleBoxProxy. The contract that deploys and initializes puzzleboxes is PuzzleBoxFactory. All 3 contain vital clues for defeating the challenges.

PuzzleBoxSolution is a contract with an incomplete solve() function where you should implement your solution against the provided PuzzleBox instance. The tests will deploy and call this contract to verify your solution.

In the contest, your solution will be scored based on how many challenges it completes, with a bonus given to more gas efficient solutions. Only the gas you spend inside solve() is counted.

Beyond the contest, this is intended to be an educational resource so even partial solutions can be submitted and awarded a score!

Project Structure

This project is designed to loosely emulate the evaluation environment of the contest. In the contest, everything happens in 1 transaction, and is orchestrated by a "runner" contract. The runner is in charge of deploying the puzzlebox, your solution, and calling solve(), atomically. In this repo, the provided test case (test_win) simulates the role of the runner.