A curated list of blockchain security Wargames, Challenges, and Capture the Flag (CTF) competitions and solution writeups.
-
- Ethernaut Solutions by cmichel - Challenges 0-21
- Ethernaut Writeups by Macmod - Challenges 0-9
- Ethernaut Solutions by tsauvajon - Challenges 1-11
- Ethernaut Solutions by tinchoabbate
- The Ethernaut CTF Writeup by Arseny Reutov - Challenges 0-6
- Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse them by Nicole Zhu
- Ethernaut Lvl 1 Walkthrough: how to abuse the Fallback function by Nicole Zhu
- Ethernaut Lvl 2 Fallout Walkthrough: how simple developer errors become big mistakes by Nicole Zhu
- Ethernaut Lvl 3 Coin Flip Walkthrough: how to abuse psuedo randomness in smart contracts by Nicole Zhu
- Ethernaut Lvl 4 Telephone Walkthrough: how to abuse tx.origin & msg.sender by Nicole Zhu
- Ethernaut Lvl 5 Token Walkthrough: How to abuse arithmetic underflows and overflows by Nicole Zhu
- Ethernaut Lvl 6 Delegation Walkthrough: How to abuse the delicate delegatecall by Nicole Zhu
- Ethernaut Lvl 7 Force Walkthrough — How to selfdestruct and create an Ether blackhole by Nicole Zhu
- Ethernaut Lvl 8 Vault Walkthrough — How to read “private” variables in contract storage (with Truffle) by Nicole Zhu
- Ethernaut Lvl 9 King Walkthrough: How bad contracts can abuse withdrawals by Nicole Zhu
- Ethernaut Lvl 10 Re-entrancy Walkthrough: How to abuse execution ordering and reproduce the DAO hack by Nicole Zhu
- Ethernaut Lvl 11 Elevator Walkthrough: How to abuse Solidity interfaces and function state modifiers by Nicole Zhu
- Ethernaut Lvl 12 Privacy Walkthrough: How Ethereum optimizes storage to save space and be less gassy by Nicole Zhu
- Ethernaut Lvl 13 Gatekeeper 1 Walkthrough: How to calculate smart contract gas consumption (and byte masking) by Nicole Zhu
- Ethernaut Lvl 14 Gatekeeper 2 Walkthrough: How contracts initialize (and how to do bitwise operations) by Nicole Zhu
- Ethernaut Lvl 15 Naught Coin Walkthrough: How to abuse ERC20 tokens and bad ICOs by Nicole Zhu
- Ethernaut Lvl 16 Preservation Walkthrough: How to inject malicious contracts with delegatecall by Nicole Zhu
- Ethernaut Lvl 17 Locked Walkthrough: How to properly use (and abuse) structs in Solidity by Nicole Zhu
- Ethernaut Lvl 18 Recovery Walkthrough: How to retrieve lost contract addresses (in 2 ways) by Nicole Zhu
- Ethernaut Lvl 19 MagicNumber Walkthrough: How to deploy contracts using raw assembly opcodes by Nicole Zhu
-
Security Innovation Blockchain CTF
- Security Innovation Blockchain CTF Solutions by Narendra Patel
-
- Sherlock Writeup by Razzor
-
- Damn Vulnerable DeFi Solutions by cmichel
- Write-ups and lessons learned from Damn Vulnerable #DeFi by Damian Rusinek
- Damn Vulnerable DeFi — Setup and Challenge #1 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #2 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #3 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #4 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #5 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #6 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #7 Walkthrough by iphelix
-
Break My Contract, Steal My Money Challenges
-
Hacking smart contracts for fun and profit by István András Seres
-
Paradigm CTF - 2021
- Official Challenges and Solutions:
- Community Solutions:
- Paradigm CTF 2021 Solutions and Github repo by cmichel
- BabyRev and Upgrade Solutions by Ansgar Dietrichs
- Paradigm JOP Solution on Twitch Part 1 and Part 2 by Ansgar Dietrichs
- Paradigm CTF 2021 Solutions by thegostep
- BabyCrypto, BabySandbox, and Lockbox writeups by roynalnaruto
- BabyCrypto Challenge by Team Dilicious (Sam Wilson)
- Broker Challenge by Team Dilicious (Sam Wilson)
- BabyRev Challenge by Team Dilicious (Sam Wilson)
- Bank Challenge by Team Dilicious (smarx)
- Vault Challenge by Team Dilicious (smarx)
- Paradigm CTF Solutions by Furucombo
- Swap Challenge by samczsun
-
0xPOLAND - 2020
-
AnChain CTF - 2020
-
Sharky CTF - 2020
- Sharky CTF: Blockchain Level 0 to 4 Writeup by Nithilan Pugal
- Sharky CTF Blockchain Challenges by Imagin
-
Donjon CTF - 2020
-
Chain Heist - 2019
-
Capture the Coin - 2019
- “Capture the Coin” at Defcon and you could win big
- How the Coinbase Security team deployed CTFd to Power our First Capture the Flag contest at Defcon 27
- Congratulations Capture the Coin participants!
- Capture the Coin — Trivia Solutions
- Capture the Coin — Blockchain Category Solutions
- Capture the Coin — Cryptography Category Solutions
- Capture the Coin CTF write-up by Arpox
-
Code Blue PolySwarm Challenge - 2018
- PolySwarm Smart Contract Hacking Challenge Writeup by Arseny Reutov
-
Real World CTF (Acoraida Monica Challenge) - 2018
- Challenge files and Solution by LiveOverflow
- Ethereum Smart Contract Code Review #1 - Real World CTF 2018 by LiveOverflow
- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018 by LiveOverflow
-
Authio Solidity CTF
- Challenges:
- Solidity CTF - Part 1: "Function Types
- Solidity CTF — Part 2: “Safe Execution”by Alexander Wade
- Solidity CTF — Part 3: “HoneyPot” by Alexander Wade
- Solidity CTF — Part 4: Read the Fine Print by Alex Towle
- Solidity CTF - Part 5: Mirror Madness by Paul Vienhage
-
ZeroNights ICO Hacking Contest - 2017
- ZeroNights ICO Hacking Contest Writeup by Arseny Reutov