CTFs (Capture The Flag games) are challenges built around the Ethereum blockchain that help you learn security techniques and concepts. These are popular CTFs worth solving (in this order) to master your Ethereum/Solidity offensive security skills:
- The Ethernaut is a wargame by OpenZeppelin.
- Damn Vulnerable DeFi
- Paradigm CTF 2021
- Paradigm CTF 2022 (upcoming)
Each level/challenge is a set of vulnerable smart contracts that you need to exploit. Some are trivial; others require an understanding of DeFi protocols and are based on real security holes. There are overlapping/similar challenges in Ethernaut and Capture the Ether, so you can do one or the other.
Requirements: basic knowledge of smart contract development. No security background required.
I’m going to play these games locally, since they are open source. I will use the Foundry toolchain. Foundry is a reimplementation of dapptools: it is fast, portable, modular, written in Rust, and lets us write tests in Solidity.
We need a couple of libraries as well:
- openzeppelin-contracts – the well-known library of secure smart contract building blocks from OpenZeppelin.
- forge-std – the standard testing library for use with forge and Foundry (cheatcodes, assertions, logging).
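To show what the local setup looks like in practice, here is an added example of the Foundry test skeleton I reuse for every level; it is not code from Ethernaut or any of the CTFs above. It assumes the two libraries were installed with `forge install OpenZeppelin/openzeppelin-contracts` and `forge install foundry-rs/forge-std` (so forge’s default remappings resolve the import paths) and that openzeppelin-contracts is a 4.x release, whose `Ownable` reverts with the string `"Ownable: caller is not the owner"`. The `Vault` contract is a constructed stand-in for a level, not a real challenge: the point is the harness pattern of deploying the target from one address, acting as the player from another, and asserting on the outcome.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "forge-std/Test.sol";
import "openzeppelin-contracts/contracts/access/Ownable.sol";

// Constructed stand-in for a CTF level (assumption: not an Ethernaut contract).
// Only the owner may drain the vault; everyone can deposit.
contract Vault is Ownable {
    receive() external payable {}

    function withdraw() external onlyOwner {
        payable(owner()).transfer(address(this).balance);
    }
}

contract VaultTest is Test {
    Vault internal vault;

    // Hypothetical addresses: the level deployer and the player/attacker.
    address internal deployer = address(0xD00D);
    address internal player = address(0xBEEF);

    function setUp() public {
        // Fund the deployer, then deploy AND fund the vault as the deployer,
        // so that the deployer (not this test contract) becomes the owner.
        vm.deal(deployer, 10 ether);
        vm.startPrank(deployer);
        vault = new Vault();
        (bool ok, ) = address(vault).call{value: 1 ether}("");
        require(ok, "funding the vault failed");
        vm.stopPrank();
    }

    // A level is "not solved" until the access control is bypassed:
    // the player calling withdraw() must revert and the balance stays put.
    function testPlayerCannotWithdraw() public {
        vm.deal(player, 1 ether);
        vm.prank(player);
        vm.expectRevert("Ownable: caller is not the owner");
        vault.withdraw();
        assertEq(address(vault).balance, 1 ether);
    }

    // Sanity check of the harness itself: the legitimate owner can drain it.
    function testOwnerCanWithdraw() public {
        vm.prank(deployer);
        vault.withdraw();
        assertEq(address(vault).balance, 0);
        assertEq(deployer.balance, 10 ether);
    }
}
```

Run it with `forge test -vvv` from the project root. When you attack a real level, the exploit goes into a function of its own (or into a separate attacker contract deployed under `vm.prank(player)` when the level must be called from contract code), and the final `assertEq` becomes the level’s win condition, for example `assertEq(level.owner(), player)`.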
This should be enough to get going. Let’s start with the Ethernaut, because it is the most beginner-friendly CTF game. If you don’t want to be spoiled, please stop reading here and give it a shot. See you in the next post: CTF walkthrough, Ethernaut, #1 Hello Ethernaut!
Resources:
- blocksec-ctfs – a curated list of blockchain security wargames, challenges, and CTF competitions, with solution writeups.