Welcome to my repository dedicated to solving well-known Ethereum Capture the Flag (CTF) challenges. This repository aims to provide detailed solutions, explanations, and learnings from various Ethereum CTFs to help others understand and tackle common smart contract vulnerabilities.
Ethereum CTFs are interactive security challenges designed to educate players on smart contract vulnerabilities. Each challenge typically involves identifying and exploiting security flaws in Ethereum smart contracts. This repository contains my solutions to these challenges, with the goal of helping others learn and improve their smart contract security skills.
Ethernaut is a Web3/Solidity-based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be hacked.
- Level 1: Fallback
- Level 2: Fallout
- Level 3: Coin Flip
- Level 4: Telephone
- Level 5: Token
- Level 6: Delegation
- Level 7: Force
- Level 8: Vault
- Level 9: King
- Level 10: Reentrancy
- ...
Capture the Ether is another game of Ethereum smart contract security challenges. The game consists of a series of challenges in different categories, each focusing on specific types of vulnerabilities.
- Warmup: Hello Ethernaut
- Lotteries: Predict the future
- Lotteries: Predict the block hash
- Math: Token sale
- Math: Token whale
- ...
Damn Vulnerable DeFi is a set of challenges focusing on decentralized finance (DeFi) vulnerabilities.
- Challenge 1: Unstoppable
- Challenge 2: Naive receiver
- Challenge 3: Truster
- Challenge 4: Side entrance
- Challenge 5: The rewarder
- ...
-
Clone the repository:
git clone https://github.com/smbsp/ctfs.git cd ctfs -
Navigate to the folder of the desired CTF challenge.
-
Read through the solution and understand the exploitation technique used.
-
Try to replicate the solution on your local setup.
Contributions are welcome! If you have solved additional CTF challenges or have improved solutions, please feel free to submit a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.