oak-security/cosmwasm-ctf

Oak Security CosmWasm CTF ⛳️

Crack all our challenges and show the community that you know your way around security, either as an auditor or a security-minded developer! This CTF was run as a live event during AwesomWasm 2023; for information related to the event, check this other file.

Follow us on Twitter at @SecurityOak to receive the latest news on Cosmos security and fresh audit reports.

Getting started

To get started with the challenges, please go to the main branch. The 10 challenges follow no particular difficulty order: number 1 may not be easier than number 10, and the other way around. Each of them showcases a different security issue or exploitation technique that we find during our security audits.

  1. Mjolnir
  2. Gungnir
  3. Laevateinn
  4. Gram
  5. Draupnir
  6. Hofund
  7. Tyrfing
  8. Gjallarhorn
  9. Brisingamen
  10. Mistilteinn

After you have given your best to solve each of the challenges, we encourage you to create an "audit-like" report. You can follow this template or any other that you consider suitable.

Your results are ready now! We have published our own writeups so you can compare and check if your solutions are correct. Please visit:

  1. Capture The Flag Writeups — part 1
  2. Capture The Flag Writeups — part 2

In addition:

  1. To view the proof of concept for the challenges, please visit the poc-exploit branch. The proof of concept is written as an exploit() test case and can be found in the exploit.rs file.
  2. To view the fixed versions of the challenges, please visit the fixed branch. All proof of concept test cases are prefixed with #[ignore="bug is patched"], so they will not be automatically executed when running cargo test.

Running test cases

  1. Navigate into the challenge folder:
     cd ctf-01/
  2. Run the tests:
     cargo test

Questions?

Just open an issue in this repository to get an answer from our team.