Skip to content

Latest commit

 

History

History

03-mint

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.cargo
.cargo
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 

README.md

Awesomwasm 2023 CTF - Challenge 10

This is a clone of Challenge 10: Mistilteinn with the bonus solution submitted by @CruncherDefi and @howlpack.

Purpose

This smart contract allows whitelisted users to mint NFTs.

Execute entry points:

pub enum ExecuteMsg {
    Mint {},
}

Please check the challenge's integration_tests for expected usage examples. You can use these tests as a base to create your exploit Proof of Concept.

🏠 Base scenario:

  • The contract is instantiated with whitelisted users as USER1, USER2, and USER3.

⭐ Goal for the challenge:

  • Demonstrate how a misconfiguration from the contract instantiator allows users to bypass the mint_per_user limitation.

❗ The usage of cw-multi-test is mandatory for the PoC, please take the approach of the provided integration tests as a suggestion.