GithubHelp home page GithubHelp logo

quill-ctf-foundry's Introduction

0 : SetUp β–Ά

git clone "https://github.com/niluk-256/Quill-CTF-foundry.git"

forge install
forge  test   --match-contract {contract} -vvvv
Level Description
Easy 🟒
Medium 🟑
Hard πŸ”΄

"challenges"

Method 2 
 you can use 
yarn c1
yarn c2 
etc...
to  test challenges

1 : Road Closed β˜‘ 🟒

β€œWe keep out the wrong people – by letting anyone in.”

  • Objective of CTF 
    • Become the owner of the contract
Change the value of hacked to true

    test Method 1 with EOA

    forge test  --match-contract RoadAttackerSimple -vvv
forge test  --match-contract RoadAttackerSimple -vvvv

    test Method 2 Contract

    forge test  --match-contract RoadAttackerWithContract -vvvv

    Even though there is isContract .we can bypasss it because when we execute our logic inside of the constructor(Attacker contract) the code size is zero it won't be included in the runtime code.

    2 : Confidential Hash β˜‘ 🟒


  • Objective of CTF 
    • Find the keccak256 hash of aliceHash and bobHash.

    test Exploit

    forge test  --match-contract ConfidentialHashExploit  -vvv
forge test  --match-contract ConfidentialHashExploit  -vvvv

    Never store sensitive information in
contract because anyone access it from the storage.

    Learning Resources

    How to read ethereum contract storage

    Resource2

    3 : VIP Bank β˜‘ 🟒

    β€œThis Bank is only for its VIP Customers.”


  • Objective of CTF 
    • At any cost, lock the VIP user balance forever into the contract.

    test Exploit

    forge test  --match-contract VIPBankExploit  -vvvv

    Learning Resources

    Resource1 - Alchemy-SelfDestruct

    4 : safeNFT β˜‘ 🟑

    β€œOften something that appears safe isn't safe at all.”


  • Objective of CTF 
    • Claim multiple NFTs for the price of one.

    Attack vector: RE-Entrancy

    forge test  --match-contract SafeNftExploit  -vvvv

    Learning Resources

    Resource0 -Walkthrough by Erhant
    Resource1 -Walkthrough by Vishnuram Rajkumar
    Resource2 -Blocksec
    Resource3 -Danger of surpisingcode samczsun

    5 : D31eg4t3 β˜‘ 🟒

    This CTF challenge is developed to showcase the
    vulnerability which can be introduced by using delegatecall() incorrectly.

    β€œHandle with care, It’s D31eg4t3”


  • Objective of CTF 
    • Become the owner of the contract.
Make canYouHackMe mapping to true for your own
address.

    Attack vector: Delegatecall

     forge test  --match-contract DExploit  -vvvv

    Learning Resources

    Resource Preservation Ethernauts

    Solidity Docs
    Walkthrough by Vishnuram Rajkumar
    Walkthrough by Erhan Tezcan

    6 :Collatz Puzzle πŸ”΄ β˜‘

    β€œIt's a puzzle I'll keep trying because it's so much fun.”

  • Objective of CTF 
    • Make a successful call to the callMe function.
You should be the deployer of the contract at the given addr parameter!

     forge test --match-contract    CollatzExploit  -vv

    : True XOR β˜‘ 🟑


  • Objective of CTF 
    • Make a successful call to the `callMe` function.
The given `target` parameter should belong to a contract deployed by you and should use `IBoolGiver` interface.


    forge test  --match-contract TrueXORTest  -vvvv

    Learning Resources

    Ethernauts level 18 Magic Number
    Deconstructing a Solidity Contract
    viking71

    8. Pelusa ❎

    9 : WETH10 β˜‘ 🟑


  • Objective of CTF 
    • The contract currently has 10 ethers. (Check the Foundry configuration.)
You are Bob (the White Hat). Your job is to rescue all the funds from the contract, starting with 1 ether, in only one transaction.



    bob deposit  1 ether gets a Token
      Aproved himself
      transfer that Token to his bobcontract so now his bob contract has 1 token
      bob call callWithdrawAll then ..we can withdraw 1 ether,  to our Attacker Contract ... before going to _burnAll() (WETH10 Line 29) we gonna
        send those tokens to bob's EOA  ..repeat it 10 times, we withdraw all the ether in bobContract then  finally we withdraw the rest (1 remaining ether) by directly calling  withdrawAll function in WETH10

    image info

    forge test  --match-contract WETHAttack  -vvvv

    Learning Resources

    Credits viking71 for explaining this level https://infosecwriteups.com/quillaudit-ctf-challenges-writeups-fd5d38f010a4


    12 : WETH11 β˜‘ 🟑

    β€œWe have fixed WETH10 and now have introduced its new version i.e. WETH11.”

  • Objective of CTF 
    • We have fixed WETH10 and now have introduced its new version WETH11.
But along the way, bob made a mistake and transferred its tokens to the wrong address.
Can you help bob recover his 10 ether?
    ATTACKER

    So here we can pass any kind of bytes data to execute function and it will make a low level call to the target contract(WETH11) we pass weth11address ,0 (we don't need any loan) , data (we pass the approve function signature ) then it will call functionCallWithValue and then after we get approved as a spender we can use transferFrom to trasnfer all the tokens to our contract and then withdraw them back and send it to bobs address within one transaction

    forge test  --match-contract WETH11Test  -vvvv

    14 : MOLCHO_VAULT β˜‘ πŸ”΄

    please open a PR on the repo if you wish to contributeπŸ’™ .

    Please only publish solutions for retired the challenges check hereπŸ‘‡

    quillCTF challenges

    quill-ctf-foundry's People

    Contributors

    niluke avatar

    Stargazers

    avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

    Watchers

    avatar

    Recommend Projects

    • React photo React

      A declarative, efficient, and flexible JavaScript library for building user interfaces.

    • Vue.js photo Vue.js

      πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

    • Typescript photo Typescript

      TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

    • TensorFlow photo TensorFlow

      An Open Source Machine Learning Framework for Everyone

    • Django photo Django

      The Web framework for perfectionists with deadlines.

    • D3 photo D3

      Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

    Recommend Topics

    • javascript

      JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

    • web

      Some thing interesting about web. New door for the world.

    • server

      A server is a program made to process requests and deliver data to clients.

    • Machine learning

      Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

    • Game

      Some thing interesting about game, make everyone happy.

    Recommend Org

    • Facebook photo Facebook

      We are working to build community through open source technology. NB: members must have two-factor auth.

    • Microsoft photo Microsoft

      Open source projects and samples from Microsoft.

    • Google photo Google

      Google ❀️ Open Source for everyone.

    • D3 photo D3

      Data-Driven Documents codes.