ParadigmCTF 2022 solutions
A CTF (Capture the Flag) contest contains a list of challenges in which the participants try to exploit the system. This blog post contains some interesting solutions proposed by different experts who solved the challenges of ParadigmCTF 2022. Though there are multiple articles and posts explaining solutions for different problems, I wanted to create an article that serves as a single point of reference for the solutions to the challenges related to Solidity. There were also some challenges involving Solana (Rust) and Starknet (Cairo), whose solutions are not covered in this post. Let's get to it!
Each challenge will have the following:
- Challenge title
- Author name
- Description of the challenge
- IP address of the server for that challenge (Access)
- Challenge Ticket
- Challenge Resources
Once connected to the server, there are three choices:
- Launch new instance: Used to deploy a new private blockchain and challenge contracts
- Kill instance: Stop any running instances if any
- Get flag: Returns the flag for the challenge if solved.
The ticket is like a passcode that we need to submit to execute any of the above three choices.
Each challenge will have the Setup contract deployed when a new instance is launched. The Setup contract will have a method isSolved() which returns a bool. If the challenge has been solved, the isSolved() method will return true. This method is also used for validation at the server level when we choose the Get flag option.
I have added reference links to detailed writeups of solutions for some of the challenges, as they are more likely to help the readers understand the approach taken by those who actually solved the challenge! All the links were active when this article was written. Please let me know if there are any broken links :)
This is a very basic challenge in which the user can solve the problem by simply calling the solve() method with 4. It is an entry-level challenge!
This challenge requires the user to drain the WETH tokens from the MasterChefHelper contract. There was also Uniswap's v2 router contract for adding liquidity and for swapping.
The solution would look like:
- Deposit some ETH, say 20, in the WETH9 contract to get back
- Use the poolInfo method from the MasterChef contract to get the LP token of any pool. In case of poolId 1, the LP would be
10 WETH worth of
UniswapRouterV2 and send it to the
- Now the MasterChefHelper contract will have 10 WETH and 10 WETH worth of USDC.
10 WETH worth of
- We can now call the solve() method in the Setup contract by passing the USDT address and the
The MasterChefHelper contract will purchase 5 ETH worth of USDC and 5 ETH worth of WETH and hence now the contract will have 15 ETH worth of tokens on both the sides (USDC). So the _addLiquidity method will deposit all the tokens into the pool which leaves the MasterChefHelper contract's WETH as zero!
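The balance accounting described above, as an added example that is not part of the original post or the challenge's contract code. It is a simplified model: all amounts are in "WETH worth" units at a fixed pool price with no fees or slippage, and every class and function name is hypothetical. It shows why the helper's 10 WETH stays put without the USDC sent to it beforehand, and how a helper that deposits only what the current call produced is unaffected.

```python
# Constructed model: amounts are in "WETH worth" units, the pool price is fixed
# (no fees, no slippage), and all names here are hypothetical.
from dataclasses import dataclass


@dataclass
class Helper:
    weth: float = 10.0  # WETH the helper holds before the call (figure from the post)
    usdc: float = 0.0   # USDC held, valued in WETH


def pool_add_liquidity(weth_desired, usdc_desired):
    """Router-style deposit: both sides must match in value, so the pool
    takes the smaller side from each token and leaves the remainder."""
    used = min(weth_desired, usdc_desired)
    return used, used


def swap_for_pool_token(helper, amount_in, use_whole_balance):
    """Caller's input (worth amount_in) is split: half buys WETH, half buys USDC."""
    half = amount_in / 2
    helper.weth += half
    helper.usdc += half
    if use_whole_balance:
        # Behaviour the post describes: deposit everything the helper holds.
        weth_d, usdc_d = helper.weth, helper.usdc
    else:
        # Hardened variant: deposit only what this call produced.
        weth_d, usdc_d = half, half
    used_weth, used_usdc = pool_add_liquidity(weth_d, usdc_d)
    helper.weth -= used_weth
    helper.usdc -= used_usdc
    return helper


def run(donated_usdc, use_whole_balance, amount_in=10.0):
    """donated_usdc: USDC value sent to the helper before the call."""
    return swap_for_pool_token(Helper(usdc=donated_usdc), amount_in, use_whole_balance)


if __name__ == "__main__":
    for label, donated, whole in [
        ("no donation, whole balance", 0.0, True),
        ("10 donated, whole balance", 10.0, True),
        ("10 donated, hardened", 10.0, False),
    ]:
        h = run(donated, whole)
        print(f"{label}: helper WETH={h.weth}, USDC={h.usdc}")
```
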
More detailed writeup:
- Stealing Sats
- Fun Reversing Challenge