Challenges

web3 Easy

Exposed Wallet Tx Data

A developer committed their Ethereum wallet export to a public repository. One transaction has a non-empty hex-encoded input field containing the flag.

100 pts
web3 Easy

Private Storage Read

SecretVault stores a 'private' bytes32 in slot 2. Solidity's private keyword hides variables from other contracts only — on-chain storage is always publicly readable.

150 pts
web3 Medium

Integer Overflow (Solidity 0.7)

VulnToken uses uint8 balances and Solidity 0.7 — no built-in overflow protection. Transferring more than your balance causes an underflow: uint8(0)-1 = 255.

250 pts
web3 Medium

Reentrancy Attack

EtherBank sends ETH before updating balances (violating CEI). An attacker contract can re-enter withdraw() via its receive() fallback to drain the bank before balances are zeroed.

250 pts
web3 Hard

Flash Loan Price Manipulation

VaultOracle reads the spot price from a single DEX pool. Flash-loan a large amount to crash the pool's ratio below FLOOR, call triggerEmergency(), then repay — all in one transaction.

350 pts
web3 Hard

Signature Replay

PaymentChannel accepts off-chain signatures containing only (recipient, amount) — no nonce, no chainId. The same valid signature can be replayed unlimited times to drain the channel.

300 pts
web3 Hard

tx.origin Phishing

Treasury authenticates with tx.origin == owner. A malicious contract can call Treasury while the owner calls it — tx.origin remains the owner throughout the call chain.

400 pts
web3 Hard

Uninitialized Owner

Registry has no constructor setting an owner. The initialize() function can be called by anyone — but only once. Call it before the admin to claim ownership, then call revealConfig().

350 pts
web3 Insane

Delegatecall Slot Collision

ProxyWallet delegatecalls into Implementation. Slot 0 in Implementation is adminFlag; slot 0 in ProxyWallet is owner. Writing adminFlag via delegatecall overwrites the proxy's owner.

450 pts
web3 Insane

MEV Frontrunning

RiddleVault awards the flag to the first correct solver. The answer is plaintext in calldata — anyone watching the mempool can copy it and resubmit with higher gas to arrive first.

500 pts