hosted by the Stanford University as part of Defi Security 101
built by eugenioclrc and luksgrin
special thanks to patrickd, StErMi, tinchoabbate and Rajeev for reviewing, commenting and helping during the elaboration and design of this CTF Workshop
This Workshop consists in a series of challenges, of increasing difficulty, targetting different concepts and common vulnerabilities found in DeFi. The CTF is designed in different flavors for all kinds of users.
This workshop provides different flavors. Feel free to use the one you feel more comfortable with:
- Option 1: Online through our interactive website
- Option 2: Online through
TenderlySandbox - Option 3: Locally with
Foundry - Option 4: Locally with
Hardhat - Option 5: Online through Gitpod, either using
Foundry - Option 6: Online through Gitpod, using
Hardhat
This set of challenges aren't set for competitive purposes. Their main objective is to showcase scenarios involving DeFi, Solidity concepts and common vulnerabilities.
Focus on learning and having fun! ๐
Let's begin with a simple warm up. Our beloved Vitalik is the proud owner of 100 $VTLK, which is a token that follows the ERC20 token standard. Or at least that is what it seems... ๐๐๐
๐ Upon deployment, the VToken contract mints 100 $VTLK to Vitalik's address.
Is there a way for you to steal those tokens from him? ๐๐๐
๐๏ธ Concepts you should be familiar with (spoilers!)
- The ERC20 token standard, especially the meaning of approving funds.
The contracts that you will hack are:
Secureum has raised a lot of Ether and decided to buy a bunch of
InSecureumTokens ($ISEC) in order to make them available to the community
via flash loans. This is made possible by means of the InSecureumLenderPool contract.
๐ Upon deployment, the InSecureumToken contract mints an initial supply of 10 $ISEC to the contract deployer.
๐ The InSecureumLenderPool contract operates with $ISEC.
๐ The contract deployer transfers all of their $ISEC to the InSecureumLenderPool contract.
๐ The idea is that anyone can deposit $ISECs to enlarge the pool's resources.
Will you be able to steal the $ISECs from the InSecureumLenderPool? ๐๐๐
๐๏ธ Concepts you should be familiar with (spoilers!)
- The concept of flashloans. Focus on the definition, how they work and what's their original purpose.
- Solidity's delegatecall.
The contracts that you will hack are:
Which have interactions with the following contracts:
I bet you are familiar with decentralized exchanges: a magical place where one can exchange different tokens.
InsecureDexLP is exactly that: a very insecure Uniswap-kind-of decentralized exchange.
Recently, the $ISEC token got listed in this dex and can be traded against a not-so-popular token called $SET.
๐ Upon deployment, the InSecureumToken and SimpleERC223Token contracts mint an initial supply of tokens 10 $ISEC and 10 $SET to the contract deployer.
๐ The InsecureDexLP operates with $ISEC and $SET.
๐ The dex has an initial liquidity of 9 $ISEC and 9 $SET, provided by the contract deployer. This quantity can be increased by anyone through token deposits.
๐ Adding liquidity to the dex rewards liquidity pool tokens (LP tokens), which can be redeemed in any moment for the original funds.
๐ In the foundry implementation, the deployer graciously airdrops the challenger (you!) 1 $ISEC and 1 $SET. In the TenderlySandbox implementation, the challenger must call the exclusive claimAirdrop() functions of each of the token contracts, obtaining this way 1 $ISEC and 1 $SET.
Will you be able to drain most of InsecureDexLP's $ISEC/$SET liquidity? ๐๐๐
๐๏ธ Concepts you should be familiar with (spoilers!)
- The concept of Automatic Market Makers (AMMs). Focus on the constant-product formula.
- Other token standards such as ERC223. Focus on the fallback function provided in ERC223.
- The concept of reentrancy attack.
The contracts that you will hack are:
Which have interactions with the following contracts:
Finally, as a conclusion to this not-so-secure ecosystem, the Secureum team built the BorrowSystemInsecureOracle lending platform where one can borrow and loan $ISEC and BoringToken ($BOR). Both tokens can be borrowed by either providing themselves or the other token as collateral.
๐ Upon deployment, the InSecureumToken and BoringToken contracts mint an initial supply of 30000 $ISEC and 20000 $BOR to the contract deployer.
๐ BorrowSystemInsecureOracle uses the InsecureDexLP to compute the $ISEC/$BOR price.
๐ The deployer adds an initial liquidity of 100 $ISEC and 100 $BOR to the InsecureDexLP.
๐ Similarly, InSecureumLenderPool contract is funded with 10000 $ISEC by the deployer.
๐ The BorrowSystemInsecureOracle contract has an initial amount of 10000 $ISEC and 10000 $BOR provided by the deployer.
๐ Users can add collateral and take loans from BorrowSystemInsecureOracle.
๐ Users may also get liquidated.
Will you be able to drain all the $ISEC from BorrowSystemInsecureOracle? ๐๐๐
๐๏ธ Concepts you should be familiar with (spoilers!)
- How DeFi lending works.
- The concept of price oracle attack. Notice that this concept is very related to flashloans.
The contracts that you will hack are:
Which have interactions with the following contracts:
- InSecureumLenderPool (this contract should be used by the attacker as part of the attack)
- InsecureDexLP
- InSecureumToken
- BoringToken
Follow this link to access this CTF's writeup by patrickd.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent