Skip to content

Latest commit

 

History

History
31 lines (20 loc) · 2.28 KB

README.md

File metadata and controls

31 lines (20 loc) · 2.28 KB

PuzzleBox CTF

Do you have what it takes to unlock this devious solidity puzzle box? You will need to demonstrate your understanding of the EVM, solidity, and smart contract vulnerabilities and chain them together in an exact sequence to get inside. How far can you get?

Setup

# clone this repo
git clone [email protected]:dragonfly-xyz/puzzlebox-ctf.git && cd puzzlebox-ctf
# install foundry
forge install
# run/check your solution
forge test -vvvv

PuzzleBox Design

architecture diagram

Puzzlebox instances use a familiar proxy pattern, with the main logic contract being PuzzleBox and the proxy contract being PuzzleBoxProxy. The contract that deploys and initializes puzzleboxes is PuzzleBoxFactory. All 3 contain vital clues for defeating the challenges.

PuzzleBoxSolution is a contract with an incomplete solve() function where you should implement your solution against the provided PuzzleBox instance. The tests will deploy and call this contract to verify your solution.

  • One important thing to note is that your PuzzleBoxSolution is never directly instantiated, meaning its constructor will never be executed. Instead, a shell contract (SolutionContainer) that deploys itself using your solution's runtime bytecode will be created in its place. This confines as much business logic as possible to your solution's solve() function for fairness.

In the contest, your solution will be scored based on how many challenges it completes, with a bonus given to more gas efficient solutions. Only the gas you spend inside solve() is counted.

Beyond the contest, this is intended to be an educational resource so even partial solutions can be submitted and awarded a score!

Project Structure

This project is designed to loosely emulate the evaluation environment of the contest. In the contest, everything happens in 1 transaction, and is orchestrated by a "runner" contract. The runner is in charge of deploying the puzzlebox, your solution, and calling solve(), atomically. In this repo, the provided test case (test_win) simulates the role of the runner.