*Hosted by Defi Security Summit as part of Defi Security 101*
Built with love by eugenioclrc, luksgrin, PeterisPrieditis, RomiRand and misirov
Special thanks to patrickd, StErMi, tinchoabbate and Rajeev for reviewing, commenting and helping during the elaboration and design of this CTF Workshop
This Workshop consists in a series of challenges, of increasing difficulty, targeting different concepts and common vulnerabilities found in DeFi. The CTF consists of a series of challenges suitable for different levels of expertise.
This workshop provides different flavors. Feel free to use the one you feel more comfortable with:
This set of challenges aren't set for competitive purposes. Their main objective is to showcase scenarios involving DeFi, Solidity
concepts and common vulnerabilities.
Focus on learning and having fun! 😊
This challenge is thought for users who are very familiar with Solidity
and do not want to use additional languages.
The following setup tutorial will guide you through the installation of Foundry
and its setup.
Run the command below to clone this repository into your local machine
git clone https://github.com/secureum/AMAZEX-DSS-PARIS.git
cd AMAZEX-DSS-PARIS
Run the command below to get foundryup
the Foundry
toolchain installer:
curl -L https://foundry.paradigm.xyz | bash
Then, in a new terminal session (or after reloading your PATH
environmental variable), run foundryup
to get the latest forge
and cast
binaries:
foundryup
And finally, install the repository's dependencies by entering it and running:
forge install
Note that you might have to restart your terminal for the forge
command to become available.
At this point you should be all set. If not, check Foundry
's installation troubleshooting.
Challenge contracts are located in the subdirectories of the src/
directory. Do not modify them, as it may lead to unexpected behaviors within the challenges.
To solve a challenge, you must open the corresponding test/ChallengeX.t.sol
(where X is a number) and add your exploit code in the signalized areas within said file.
Then, to check if the challenge has been solved, execute the following command
forge test --match-path test/ChallengeX.t.sol
If the solution criteria have been reached, it shall display the following message
Running 1 test for test/ChallengeX.t.sol:ChallengeXTest
[PASS] testChallenge() (gas: XXXX)
Test result: ok. 1 passed; 0 failed; finished in XXXms
Alternatively, to check if all challenges have been solved, execute the following command:
bash isSolved.sh
which will return the test results for all challenges in order.
If one wishes to have a more detailed prompt (i.e. to see the logged messages), it is necessary to increase the verbosity with -vvvv
, for example:
forge test --match-path test/ChallengeX.t.sol -vvvv
- Challenge 1: Operation magic redemption 🪄🔮
- Challenge 2: Mission Modern WETH: Rescue the Ether 🧗🧭
- Challenge 3: LendEx pool hack 🤺🃏
- Challenge 4: Operation Rescue
POSI
Token! 💼🔓 - Challenge 5: Balloon Vault 🎈🎈
- Challenge 6: Safe Yield? 🏦📈
- Challenge 7: Crystal DAO 💎💎
- Challenge 8: Liquidatoooor 🔱🔱
Find the slides of the event's presentation here.
Writeups will be available after the event