git clone "https://github.com/niluk-256/Quill-CTF-foundry.git"
forge install
forge test --match-contract {contract} -vvvv
Level | Description |
---|---|
Easy | π’ |
Medium | π‘ |
Hard | π΄ |
Method 2
you can use
yarn c1
yarn c2
etc...
to test challenges
βWe keep out the wrong people β by letting anyone in.β
Become the owner of the contract
Change the value of hacked to true
test Method 1 with EOA
forge test --match-contract RoadAttackerSimple -vvv
forge test --match-contract RoadAttackerSimple -vvvv
test Method 2 Contract
forge test --match-contract RoadAttackerWithContract -vvvv
Even though there is isContract
.we can bypasss it because when we execute our logic inside of the constructor(Attacker contract) the code size is zero it won't be included in the runtime code.
Find the keccak256 hash of aliceHash and bobHash.
test Exploit
forge test --match-contract ConfidentialHashExploit -vvv
forge test --match-contract ConfidentialHashExploit -vvvv
Never store sensitive information in
contract because anyone access it from the storage.
How to read ethereum contract storage
βThis Bank is only for its VIP Customers.β
At any cost, lock the VIP user balance forever into the contract.
test Exploit
forge test --match-contract VIPBankExploit -vvvv
Resource1 - Alchemy-SelfDestruct
βOften something that appears safe isn't safe at all.β
Claim multiple NFTs for the price of one.
Attack vector: RE-Entrancy
forge test --match-contract SafeNftExploit -vvvv
Resource0 -Walkthrough by Erhant
Resource1 -Walkthrough by Vishnuram Rajkumar
Resource2 -Blocksec
Resource3 -Danger of surpisingcode samczsun
This CTF challenge is developed to showcase the
vulnerability which can be introduced by using delegatecall() incorrectly.
βHandle with care, Itβs D31eg4t3β
Become the owner of the contract.
Make canYouHackMe mapping to true for your own
address.
Attack vector: Delegatecall
forge test --match-contract DExploit -vvvv
Resource Preservation Ethernauts
Solidity Docs
Walkthrough by Vishnuram Rajkumar
Walkthrough by Erhan Tezcan
βIt's a puzzle I'll keep trying because it's so much fun.β
Make a successful call to the callMe function.
You should be the deployer of the contract at the given addr parameter!
forge test --match-contract CollatzExploit -vv
Make a successful call to the `callMe` function.
The given `target` parameter should belong to a contract deployed by you and should use `IBoolGiver` interface.
forge test --match-contract TrueXORTest -vvvv
Ethernauts level 18 Magic Number
Deconstructing a Solidity Contract
viking71
The contract currently has 10 ethers. (Check the Foundry configuration.)
You are Bob (the White Hat). Your job is to rescue all the funds from the contract, starting with 1 ether, in only one transaction.
bob deposit 1 ether gets a Token
Aproved himself
transfer that Token to his bobcontract so now his bob contract has 1 token
bob call callWithdrawAll then ..we can withdraw 1 ether, to our Attacker Contract ... before going to _burnAll() (WETH10 Line 29) we gonna
send those tokens to bob's EOA ..repeat it 10 times, we withdraw all the ether in bobContract then finally we withdraw the rest (1 remaining ether) by directly calling withdrawAll function in WETH10
forge test --match-contract WETHAttack -vvvv
Credits viking71 for explaining this level https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4
βWe have fixed WETH10 and now have introduced its new version i.e. WETH11.β
We have fixed WETH10 and now have introduced its new version WETH11.
But along the way, bob made a mistake and transferred its tokens to the wrong address.
Can you help bob recover his 10 ether?
So here we can pass any kind of bytes data
to execute function and it will make a low level call to the target contract(WETH11) we pass weth11address ,0 (we don't need any loan) , data (we pass the approve function signature ) then it will call functionCallWithValue
and then after we get approved as a spender we can use transferFrom to trasnfer all the tokens to our contract and then withdraw them back and send it to bobs address
within one transaction
forge test --match-contract WETH11Test -vvvv