ctf

Introduction This series of posts provides solutions for version 3 of Damn Vulnerable DeFi, which includes a total of 15 challenges. This is the Part 3 of Damn Vulnerable Defi Solution series: Part 1 Part 2 Part 3 (Current) You can find all my solutions and local setup in this GitHub repository. This post will focus on solutions for challenges 11-15. These final five challenges are the most complex in the series, encompassing highly realistic use cases, including Gnosis Safe Wallets, Uniswap V3, the UUPS Upgradeable pattern, timelocks, and more....

Introduction This series of posts provides solutions for version 3 of Damn Vulnerable DeFi, which includes a total of 15 challenges. This is the Part 2 of Damn Vulnerable Defi Solution series: Part 1 Part 2 (Current) Part 3 You can find all my solutions and local setup in this GitHub repository. This post will focus on solutions for challenges 6-10. These five challenges are primarily centered around flash loans and encompass real-world scenarios....

Introduction Damn Vulnerable Defi offers a series of CTF-like challenges that are more intricate than those in CTE and Ethernaut, with a focus on DeFi-related topics. These challenges cover areas like flash loans, price oracles, governance, NFTs, wallets, and timelocks. They incorporate real-world contracts from platforms such as Uniswap (V1, V2, V3), Gnosis Safe, and various upgrade patterns. By tackling these challenges, you’ll gain substantial knowledge about DeFi and become more adept at understanding security practices in this field....

Introduction This is the Part 3 of Ethernaut Solution series: Part 1 Part 2 Part 3 (Current) You can find all my solutions and local setup in this GitHub repository. This post will cover solutions for challenges 20-29. These ten challenges rank as the most difficult in the entire series, encompassing a range of real-world scenarios like DEX and proxy patterns. They also require a bit deep understanding of Solidity internals, such as the encoding of calldata....

Introduction This is the Part 2 of Ethernaut Solution series: Part 1 Part 2 (Current) Part 3 You can find all my solutions and local setup in this GitHub repository. This post will cover solutions for challenges 10-19. These ten challenges are somewhat more complex than the first ten. Solving them mainly involves understanding some Solidity internals (e.g. storage layouts), and basic security vulnerability patterns (e.g. reentrancy pattern). Solutions 10. Re-entrancy This is a classic reentrancy vulnerability....

Introduction Ethernaut is a Web3/Solidity based CTF developed by OpenZeppelin. The CTF is played online using Ethereum test networks, but for faster development, I setup a local dev environment using hardhat forking Sepolia testnet. Comparing with Capture-the-Ether, Ethernaut is more up-to-date in aspects like Solidity versions (CTE uses ^0.4 versions) and DeFi-related content. I found Ethernaut to be highly educational and comprehensive, offering a thorough overview of smart contract security vulnerabilities....

0. Introduction Capture the Ether serves as an introductory CTF (Capture the Flag) for those interested in smart contract security. It offers a variety of challenges categorized into different sections. Participating in this CTF marked my first foray into the world of smart contract security, and it was an incredibly educational experience. Originally, the challenge was hosted on the Ropsten network, but since it became deprecated in 2023, I set up a local dev environment using Hardhat to continue playing....