I’ve been playing with an Ethereum wargame, Capture the Ether, during Christmas holidays. I really enjoy CTFs and, more generally, finding flaws/unintended behavior in other people’ code. Doing that with Ethereum and Solidity is much more fun, because:

  • it’s a whole new ecosystem on which I did not have prior experience
  • the wargame is focused on the platform pitfalls (spoiler: there are a lot of them) and best practices
  • rekt.news 1

I set up a repo to track my progress on the wargame, where every commit contains the solution for a given problem: the original contract, the ethers script to solve it, and, when needed, support contracts and test cases. The repo can be found here. I won’t be doing any detailed write-up on the single challenges because there are already many2 of them3 available on the internet. I’m always available for discussing solutions though.

Admittedly, I was completely lost on a couple challenges (Fuzzy Identity and Account Takeover) because cryptography is hard (at least for me :D). Nonetheless, the solutions were fascinating and helped me tackle the subject a little.

If you are interested in other similar competitions, this repo has a huge list of them, and it’s frequently updated!

  1. It may be a lot of information to process all at once, but that website contains the major hacks, breaches and scams that happen in the crypto space; mostly DeFi ↩︎

  2. https://cmichel.io/capture-the-ether-solutions/ ↩︎

  3. https://medium.com/coinmonks/lets-play-capture-the-ether-warmup-68a5fc38e670 ↩︎