| timezone |
|---|
Europe/Helsinki |
- A ctf player. Knows how evm works, but not familiar with defi / foundry.
- Sure.
Progess: Group A: Damn Vulnerable DeFi: 18/18 (writeup) Group B: Milotruck challs: 6/6 (writeup) Group C: ...
Sign up
Set up the foundry environment, and trying to get familiar with forge and cast, and the cheatcodes as well.
Start to play Damn Vulnerable DeFi.
Solved 1 - Unstoppable.
Trying to solve 2 - Naive Receiver.
Solved 2 - Naive Receiver.
Solved 3 - Truster.
Solved 4 - Side Entrance.
Solved 5 - The Rewarder.
Solved 6 - Selfie.
Solved 7 - Compromised.
WIP 8 - Puppet.
Solved 8 - Puppet.
Solved 9 - Puppet v2.
Solved 10 - Free Rider.
WIP 11 - Backdoor.
Solved 11 - Backdoor.
Solved 12 - Climber.
Solved 13 - Wallet Mining.
Solved 14 - Puppet V3. (Analysis WIP)
Solved 15 - ABI Smuggling.
Solved 16 - Shards.
WIP 17 - Curvy Puppet.
WIP 17 - Curvy Puppet, a cheated solution (deal 570 eth to solve)
Finally solved 17 - Curvy Puppet.
Solved 18 - Withdrawal.
Damn Vulnerable DeFi all set.
Selected Milotruck challs for Group B.
Solved GreyHats Dollar.
Solved Escrow.
Solved Simple AMM Vault.
Solved Voting Vault.
Solved Meta Staking.
Solved Gnosis Unsafe.
BlazCTF:
- Ciao
- check internal calldata
- BigenLayer
- weak/leak private key (0x1337)
- 8Inch
- price 10 wojak : 1 weth, buy 9 wojak cost 0 weth
SafeUint112is not safe whenvalue == 1<<122
- ...
BlazCTF:
- Doju
- leverage the call in
sellTokensto transfer tokens - find an EOA with suffix matching
Doju's prefix 4 bytes (using tools such as profanity)
- leverage the call in
- other challs checked but not solved