Secureum A-MAZE-X Stanford
This workshop consists of a series of challenges of increasing difficulty, targeting different concepts and common vulnerabilities found in DeFi. The CTF is designed in different flavors for all kinds of users.
This workshop provides different flavors. Feel free to use the one you feel most comfortable with:
This set of challenges isn't set up for competitive purposes. Their main objective is to showcase scenarios involving DeFi, Solidity concepts and common vulnerabilities.
Focus on learning and having fun! 😊
Let's begin with a simple warm-up. Our beloved Vitalik is the proud owner of 100 $VTLK, which is a token that follows the ERC20 token standard. Or at least that is what it seems... 😉😉😉
📌 Upon deployment, the VToken contract mints 100 $VTLK to Vitalik's address.
Is there a way for you to steal those tokens from him? 😈😈😈
The contracts that you will hack are:
Secureum has raised a lot of Ether and decided to buy a bunch of InSecureumTokens ($ISEC) in order to make them available to the community via flash loans. This is made possible by means of the InSecureumLenderPool contract.
📌 Upon deployment, the InSecureumToken contract mints an initial supply of 10 $ISEC to the contract deployer.
📌 The InSecureumLenderPool contract operates with $ISEC.
📌 The contract deployer transfers all of their $ISEC to the InSecureumLenderPool contract.
📌 The idea is that anyone can deposit $ISEC to enlarge the pool's resources.
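To make the flash-loan mechanics concrete, here is an added Python model of a lender pool (it is not the InSecureumLenderPool contract, and the class and function names are this example's own). The point it shows is the property a pool has to enforce on every loan: after the borrower's callback returns, the pool's balance must be at least what it was before plus the fee, and if that fails the whole call is rejected and state is restored, which is what a Solidity revert does for free. It also refuses nested loans and withdrawals while a loan is open, since a balance-based check is only meaningful if nothing else can move funds in between.

```python
from typing import Callable


class FlashLenderPool:
    """Toy flash-loan pool holding a single token (balances are plain integers).
    Added illustration; not the workshop's contract."""

    def __init__(self, fee_bps: int = 0) -> None:
        self.balance = 0                      # tokens held by the pool
        self.deposits: dict[str, int] = {}    # depositor -> amount they put in
        self.fee_bps = fee_bps                # fee in basis points, 10 = 0.10 %
        self._in_loan = False                 # re-entrancy guard

    def deposit(self, who: str, amount: int) -> None:
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.deposits[who] = self.deposits.get(who, 0) + amount
        self.balance += amount

    def withdraw(self, who: str, amount: int) -> None:
        # No withdrawals while a loan is outstanding: the repayment check below
        # compares balances, so nothing else may move funds in the meantime.
        if self._in_loan:
            raise RuntimeError("no withdrawals during a flash loan")
        if amount <= 0 or amount > self.deposits.get(who, 0):
            raise ValueError("invalid withdrawal")
        self.deposits[who] -= amount
        self.balance -= amount

    def flash_loan(self, amount: int, borrower: Callable[[int], int]) -> int:
        """Lend `amount` to `borrower` (a callable that returns what it pays back).
        Succeeds only if balance_after >= balance_before + fee; returns the fee."""
        if self._in_loan:
            raise RuntimeError("reentrant flash loan")
        if amount <= 0 or amount > self.balance:
            raise ValueError("insufficient liquidity")
        fee = amount * self.fee_bps // 10_000
        balance_before = self.balance
        self._in_loan = True
        self.balance -= amount
        try:
            repaid = borrower(amount)
            self.balance += repaid
            if self.balance < balance_before + fee:
                raise RuntimeError("flash loan not repaid")
        except Exception:
            # Equivalent of a revert: undo the loan and propagate the failure.
            self.balance = balance_before
            raise
        finally:
            self._in_loan = False
        return fee


def demo() -> dict:
    """Constructed scenario: one honest borrower, one that under-repays."""
    pool = FlashLenderPool(fee_bps=10)
    pool.deposit("depositor", 10_000)  # constructed amount

    def honest(amount: int) -> int:
        return amount + amount * 10 // 10_000   # principal plus the 0.10 % fee

    def defaulter(amount: int) -> int:
        return amount - 1                       # one token short

    fee = pool.flash_loan(4_000, honest)
    balance_after_honest = pool.balance
    try:
        pool.flash_loan(4_000, defaulter)
        rejected = False
    except RuntimeError:
        rejected = True
    return {
        "fee": fee,
        "balance_after_honest": balance_after_honest,
        "default_rejected": rejected,
        "balance_after_default": pool.balance,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the honest loan leaving the pool 4 tokens richer and the under-repaying call being rejected with the pool balance unchanged; the fee accrues to the pool, which is what makes depositing "to enlarge the pool's resources" attractive in the first place.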
Will you be able to steal the $ISEC from the InSecureumLenderPool? 😈😈😈
The contracts that you will hack are:
Which have interactions with the following contracts:
I bet you are familiar with decentralized exchanges: a magical place where one can exchange different tokens. InsecureDexLP is exactly that: a very insecure Uniswap-kind-of decentralized exchange.
Recently, the $ISEC token got listed in this dex and can be traded against a not-so-popular token called $SET.
📌 Upon deployment, the InSecureumToken and SimpleERC223Token contracts mint an initial supply of 10 $ISEC and 10 $SET to the contract deployer.
📌 The InsecureDexLP operates with $ISEC and $SET.
📌 The dex has an initial liquidity of 9 $ISEC and 9 $SET, provided by the contract deployer. This quantity can be increased by anyone through token deposits.
📌 Adding liquidity to the dex rewards liquidity pool tokens (LP tokens), which can be redeemed at any moment for the original funds.
📌 In the foundry implementation, the deployer graciously airdrops the challenger (you!) 1 $ISEC and 1 $SET. In the TenderlySandbox implementation, the challenger must call the exclusive claimAirdrop() function of each of the token contracts, obtaining this way 1 $ISEC and 1 $SET.
Will you be able to drain most of InsecureDexLP's $ISEC/$SET liquidity? 😈😈😈
The contracts that you will hack are:
Which have interactions with the following contracts:
Finally, as a conclusion to this not-so-secure ecosystem, the Secureum team built the BorrowSystemInsecureOracle lending platform, where one can borrow and loan $ISEC and BoringToken ($BOR). Both tokens can be borrowed by providing either the same token or the other token as collateral.
📌 Upon deployment, the InSecureumToken and BoringToken contracts mint an initial supply of 30000 $ISEC and 20000 $BOR to the contract deployer.
📌 BorrowSystemInsecureOracle uses the InsecureDexLP to compute the $ISEC/$BOR price.
📌 The deployer adds an initial liquidity of 100 $ISEC and 100 $BOR to the InsecureDexLP.
📌 Similarly, the InSecureumLenderPool contract is funded with 10000 $ISEC by the deployer.
📌 The BorrowSystemInsecureOracle contract has an initial amount of 10000 $ISEC and 10000 $BOR provided by the deployer.
📌 Users can add collateral and take loans from BorrowSystemInsecureOracle.
📌 Users may also get liquidated.
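The DEX description (constant-product liquidity and LP tokens) and the lending platform's use of that DEX as its price source are two sides of the same mechanism, so here is one added Python model covering both. It is not the InsecureDexLP or BorrowSystemInsecureOracle code, and the names Pool, add_liquidity, remove_liquidity, swap_a_for_b, spot_price_a_in_b and within_deviation are this example's own. It shows how x * y = k pricing and pro-rata LP shares work, that the "spot price" a lender would read from the pool is nothing more than the ratio of the current reserves, and a defensive check a lender can apply: only accept a reserve-derived price when it is within a bounded deviation of an independent reference such as a time-weighted average.

```python
from dataclasses import dataclass
from math import isqrt


@dataclass
class Pool:
    """Two-token constant-product pool. Swaps keep reserve_a * reserve_b from
    falling; only liquidity changes move it. Added illustration, not the dex."""

    reserve_a: int = 0
    reserve_b: int = 0
    lp_supply: int = 0
    fee_bps: int = 30  # 0.30 % swap fee, constructed value

    def add_liquidity(self, amount_a: int, amount_b: int) -> int:
        """Deposit both tokens; returns the number of LP shares minted."""
        if self.lp_supply == 0:
            minted = isqrt(amount_a * amount_b)
        else:
            # Shares follow the smaller side of the deposit, so an unbalanced
            # deposit cannot buy a larger share of the pool than it pays for.
            minted = min(amount_a * self.lp_supply // self.reserve_a,
                         amount_b * self.lp_supply // self.reserve_b)
        if minted == 0:
            raise ValueError("deposit too small to mint shares")
        self.reserve_a += amount_a
        self.reserve_b += amount_b
        self.lp_supply += minted
        return minted

    def remove_liquidity(self, shares: int) -> tuple[int, int]:
        """Burn LP shares; returns the pro-rata (amount_a, amount_b) paid out."""
        if not 0 < shares <= self.lp_supply:
            raise ValueError("invalid share amount")
        out_a = self.reserve_a * shares // self.lp_supply
        out_b = self.reserve_b * shares // self.lp_supply
        self.reserve_a -= out_a
        self.reserve_b -= out_b
        self.lp_supply -= shares
        return out_a, out_b

    def swap_a_for_b(self, amount_in: int) -> int:
        """Sell amount_in of A for B at constant product, fee taken on the input."""
        if amount_in <= 0:
            raise ValueError("nothing to swap")
        in_after_fee = amount_in * (10_000 - self.fee_bps)
        amount_out = (self.reserve_b * in_after_fee) // (
            self.reserve_a * 10_000 + in_after_fee)
        k_before = self.reserve_a * self.reserve_b
        self.reserve_a += amount_in
        self.reserve_b -= amount_out
        if self.reserve_a * self.reserve_b < k_before:
            raise RuntimeError("constant-product invariant violated")
        return amount_out

    def spot_price_a_in_b(self) -> float:
        """Price of one A in units of B, read straight from current reserves."""
        return self.reserve_b / self.reserve_a


def within_deviation(spot: float, reference: float, max_bps: int) -> bool:
    """Lender-side sanity check: accept a reserve-derived price only when it is
    within max_bps of an independent reference (e.g. a time-weighted average)."""
    if reference <= 0:
        return False
    return abs(spot - reference) * 10_000 <= reference * max_bps


def demo() -> dict:
    """Constructed scenario: 100/100 initial liquidity, then one large swap."""
    pool = Pool()
    shares = pool.add_liquidity(100, 100)
    reference = pool.spot_price_a_in_b()   # 1.0 before any trade
    received = pool.swap_a_for_b(50)       # a single trade half the pool size
    spot = pool.spot_price_a_in_b()        # what a naive oracle would now report
    return {
        "shares": shares,
        "received_b": received,
        "spot_after": spot,
        "accepted_by_check": within_deviation(spot, reference, max_bps=500),
    }


if __name__ == "__main__":
    print(demo())
```

With 100/100 reserves a single 50-token swap moves the reserve ratio from 1.0 to roughly 0.45, and a 5 % deviation bound rejects that reading. A lender that takes the raw reserve ratio as the collateral price, as the page says BorrowSystemInsecureOracle does, has no such bound, which is why the study list ties oracle pricing to flash loans: any reading that depends only on the reserves at the moment of the call is only as stable as those reserves.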
Will you be able to drain all the $ISEC from BorrowSystemInsecureOracle? 😈😈😈
The contracts that you will hack are:
Which have interactions with the following contracts:
hosted by the Stanford University as part of built by and special thanks to , , and for reviewing, commenting and helping during the elaboration and design of this CTF Workshop
Option 1: Online through our
Option 2:
Option 3:
Option 4:
Option 5: Online through Gitpod, either using Foundry
Option 6: Online through Gitpod, using Hardhat
, especially the meaning of approving funds.
The concept of . Focus on the definition, how they work and what's their original purpose.
Solidity's .
The concept of . Focus on the constant-product formula.
such as ERC223. Focus on the fallback function provided in ERC223.
The concept of .
.
The concept of . Notice that this concept is very related to flashloans.
(this contract should be used by the attacker as part of the attack)
Follow to access this CTF's writeup by .
Follow for a more detailed walk-through for each challenge by .
Follow for another writeup using contracts in hardhat by .