No | Contracts | Type | Difficulty | Writeup |
---|---|---|---|---|
1 | PrivateData.sol | Private data | Easy | link |
2 | Wallet.sol, WalletLibrary.sol | Low level calls | Easy | link |
3 | VNFT.sol | Weak RNG, Smart contract minting | Medium | VNFT.md |
4 | EtherWallet.sol | Signature Malleability | Medium | EtherWallet.md |
5 | Vault.sol, Vesting.sol | Low level calls | Medium | Vault.md |
6 | Staking.sol | Gas griefing | Medium | Staking.md |
Install Foundry if you haven't already.
git clone git@github.com:beskay/solidity-challenges.git
forge install
See test for an example setup and exploit of all challenges. In order to test a single contract, run
forge test --match-contract <CONTRACT_NAME>
E.g. forge test --match-contract PrivateDataTest to run the test for PrivateData.sol.
See script/exploits for example exploit scripts to hack the deployed contracts on the Goerli testnet.
To deploy and verify the contracts, run
forge script <deploy_script> --rpc-url $ETH_RPC_URL --broadcast --verify --private-key $PK --etherscan-api-key $ETHERSCAN_API -vvv
Note that ETH_RPC_URL, ETHERSCAN_API and PK have to be set:
export ETH_RPC_URL=<your_eth_rpc_url>
export ETHERSCAN_API=<your_etherscan_apikey>
export PK=<your_private_key>
Or create a .env file and load the variables with source .env.