-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(devx) - Add CTF on testnet (#4112)
* Revert "test(devx): Removed CTF challenges till we can deploy them on testnet (#4089)" This reverts commit c530707. * feat(devx) added package id for the CTF challenges * fix package url * update expected object types * Apply suggestions from code review Co-authored-by: vivekjain23 <[email protected]> * Update docs/content/developer/iota-move-ctf/challenge_1.mdx --------- Co-authored-by: vivekjain23 <[email protected]>
- Loading branch information
1 parent
7cdd1cd
commit 3b56161
Showing
12 changed files
with
448 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
| # Challenge 1: Checkin | ||
|
|
||
| In this first challenge, your task is to interact with a basic Move contract. The contract defines a `Flag` object, which you need to retrieve by calling a specific function. | ||
|
|
||
| The contract mints a new flag and transfers it to your account. Your goal is to [call the function](../getting-started/publish.mdx#accessing-your-package), capture the flag, and then submit the object ID to verify your success. | ||
|
|
||
| This challenge is designed to be an easy introduction, guiding you through the process of interacting with the blockchain, calling functions, and understanding the basics of flag capture. | ||
|
|
||
|
|
||
| ## Deployed Contract Address: | ||
| ``` | ||
| Package: 0xed1bbeb067ea89b70859641557700997a39bf749b5eedf91e221d56a5d961622 | ||
| ``` | ||
|
|
||
|
|
||
| ## Contracts | ||
| ### `checkin.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_1/sources/checkin.move | ||
| ``` | ||
|
|
||
| ## Related Articles | ||
|
|
||
| In this challenge, you must use the IOTA CLI to interact with the blockchain. This set of articles will help you set up your environment and call a deployed contract: | ||
|
|
||
| - [Installing IOTA CLI](../getting-started/install-iota.mdx) | ||
| - [Connecting an IOTA Network](../getting-started/connect.mdx) | ||
| - [Get IOTA coins](../getting-started/get-coins.mdx) | ||
| - [Accessing Your Package](../getting-started/publish.mdx#accessing-your-package) | ||
|
|
||
|
|
||
| Good luck in capturing your first flag! | ||
|
|
||
|
|
||
|
|
||
| <ChallengeVerifier expectedObjectType="0xed1bbeb067ea89b70859641557700997a39bf749b5eedf91e221d56a5d961622::checkin::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 2: Lucky Number | ||
|
|
||
| In this challenge you are supposed to get the flag Event by passing in the right parameters to the `get_flag` function in the `luckynumber` module. If you do this correctly you should get a Flag event in return. | ||
|
|
||
|
|
||
|
|
||
| ## Deployed Contract Addresses: | ||
| ``` | ||
| Package: 0x2d902cb948748fd2b92ff98e5d0fd46a9ceb4b7501050ef8513b9bc60f515ef8 | ||
| Counter: 0xbd21a9287e9f6ea1b69c810cf31e554fa260ff4547b2b94dac3e73239b1c3173 | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| ### `luckynumber.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_2/sources/luckynumber.move | ||
| ``` | ||
|
|
||
| ### `counter.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_2/sources/counter.move | ||
| ``` | ||
|
|
||
|
|
||
| ## Related Articles | ||
| In this stage of the CTF, you should be familiar with how to use the CLI to call a Move function and pass in the right parameters, as well as a general understanding of the Object Model: | ||
|
|
||
| - [IOTA CLI reference](../../references/cli/) | ||
| - [Object Model](../iota-101/objects/object-model.mdx) | ||
|
|
||
| :::tip | ||
| You should check how to use the CLI to call a function in a module and pass in the right parameters. `iota client call --help` might help. | ||
| ::: | ||
|
|
||
|
|
||
| Good luck in capturing your second flag! | ||
|
|
||
|
|
||
|
|
||
| <ChallengeVerifier expectedObjectType="0x2d902cb948748fd2b92ff98e5d0fd46a9ceb4b7501050ef8513b9bc60f515ef8::luckynumber::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 3: MintCoin Mechanics | ||
|
|
||
| In this challenge, you'll dive into the mechanics of "MintCoin," a [coin](../standards/coin.mdx) that allows anyone to mint new tokens using a "Proof of Move" process. However, minting alone will not be enough to get the flag—you'll need to go a step further. | ||
|
|
||
| Your goal is to understand how the system works and figure out the extra steps needed to successfully retrieve the flag. | ||
|
|
||
|
|
||
| ## Deployed Contract Addresses: | ||
| ``` | ||
| CoinMetadata<0x871d4332aeb888fafa0c90280a3b2d301213e3352c11493b2ac59002264c2d20::mintcoin::MINTCOIN>: 0xb24911470fcef420eb6774d8624f8ad8b329a0e3c1157fe3d5c25dfd3e812f10 | ||
| Counter: 0x843737fabb25a83b9034764cbc06d2e0444397be4157d08fca0306004065c3db | ||
| TreasuryCap<0x871d4332aeb888fafa0c90280a3b2d301213e3352c11493b2ac59002264c2d20::mintcoin::MINTCOIN>: 0x9000629971a67ee3df540a54da1c8af5a67629e2aa479a515b5942d116288aa4 | ||
| Package: 0x871d4332aeb888fafa0c90280a3b2d301213e3352c11493b2ac59002264c2d20 | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| #### `mint.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_3/sources/mint.move | ||
| ``` | ||
|
|
||
| #### `counter.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_3/sources/counter.move | ||
| ``` | ||
|
|
||
|
|
||
| ## Related Articles | ||
| This challenge's main contract is written using the Coin Standard. Having been familiar with the [Object Model](../iota-101/objects/object-model.mdx) from the last challenge, you should now be able to understand the Coin Standard and how it works. | ||
|
|
||
| - [Coin Standard](../standards/coin.mdx) | ||
|
|
||
|
|
||
|
|
||
| :::tip | ||
| Your starting point should be the function `get_flag` in the `mint` module to understand the steps required to capture the flag. To successfully complete the challenge, make sure to follow the contract's logic and requirements. | ||
| ::: | ||
|
|
||
| Good luck in capturing your third flag! | ||
|
|
||
|
|
||
|
|
||
| <ChallengeVerifier expectedObjectType="0x871d4332aeb888fafa0c90280a3b2d301213e3352c11493b2ac59002264c2d20::mintcoin::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 4: Airdrop | ||
|
|
||
| Your mission is to participate in the "Horse Token" airdrop and capture the elusive flag. You'll need to mint some Horse Tokens and claim your share through the airdrop mechanism. But simply collecting tokens won’t be enough—securing the flag requires a bit more effort. | ||
|
|
||
| Use your command line expertise to interact with the system, track your progress, and perform key actions efficiently. Pay close attention to the airdrop logic, as understanding how the token distribution works will be crucial to successfully capturing the flag. | ||
|
|
||
| ## Deployed Contract Addresses: | ||
| ``` | ||
| CoinMetadata<0x817e64f33b784f0c4a3d2cd18f62cc4409bc869efa715f29e93eff52343fb7b2::airdrop::AIRDROP>: 0x75b11dbbf346488ac50bbd6a29754ebb8ba3bd82439e066d6964f69562273135 | ||
| Vault: 0xd23dfa1f51d97073ce8a70738a731a41034e3261831254ab462a100e5b3fe6b3 | ||
| Package: 0x817e64f33b784f0c4a3d2cd18f62cc4409bc869efa715f29e93eff52343fb7b2 | ||
| TreasuryCap<0x817e64f33b784f0c4a3d2cd18f62cc4409bc869efa715f29e93eff52343fb7b2::airdrop::AIRDROP>: 0xeaa5652a1a516192b84daadc02e122b2eebb45fd24660accd8801f8b45f6f0d8 | ||
| Counter: 0x981ce022aa5193b3460073484dd2f479093d276fff1d3e742ea506d5f87bc0bb | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| ### `airdrop.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_4/sources/airdrop.move | ||
| ``` | ||
|
|
||
| ### `counter.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_4/sources/counter.move | ||
| ``` | ||
|
|
||
| ## Related Articles | ||
| Challenges 1-3 have introduced you to the basics of interacting with Move contracts, the Object Model, and the Coin Standard. In this challenge, you'll need to apply your knowledge to a more complex scenario involving an airdrop mechanism. | ||
| This challnege can be solved with IOTA PTBs, which will also help you in further challenges. | ||
|
|
||
| - [Coin Standard](../standards/coin.mdx) | ||
| - [Object Model](../iota-101/objects/object-model.mdx) | ||
| - [Programmable Transaction Blocks](../iota-101/transactions/ptb/programmable-transaction-blocks-overview.mdx) | ||
|
|
||
|
|
||
|
|
||
| Good luck in capturing your fourth flag! | ||
|
|
||
|
|
||
| :::tip | ||
| Under `Deployed Contract Addresses`, you can find the addresses of the package as well as the `Vault`. Carefully check what the constraints are for the `get_flag` function to work, as it has some assertions that need to be met. | ||
| ::: | ||
|
|
||
| <ChallengeVerifier expectedObjectType="0x817e64f33b784f0c4a3d2cd18f62cc4409bc869efa715f29e93eff52343fb7b2::airdrop::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 5: Perfect Pizza | ||
|
|
||
| When in Italy, pizza is a way of life. Crafted from simple ingredients with an artful touch, only the perfect combination will gain the approval of the pizzaiolo (master pizza maker). Choose your ingredients wisely—anything less than perfection and your creation won’t pass the test. | ||
|
|
||
| In this challenge, you'll need to carefully assemble your pizza using the correct ingredients. The pizzaiolo will judge your creation, and only a perfect pizza will earn you the flag. Attention to detail is key—get it right, or it's back to the kitchen! | ||
|
|
||
| ## Deployed Contract Address: | ||
| ``` | ||
| Package: 0xdd29ddb70eec2828bf8375c9bb3e4c3546f94d9090113fc760adce8010d69762 | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| ### `pizza.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_5/sources/pizza.move | ||
| ``` | ||
|
|
||
| :::tip | ||
| The pizzaiolo uses [bcs::to_bytes](../../references/framework/iota-framework/bcs.mdx#function-to_bytes) to make sure the ingredients are in order. Make sure you understand how to use this function to pass the test. | ||
| ::: | ||
|
|
||
|
|
||
| ## Related Articles | ||
| Now that your are familiar with the basics of Move, this challenge will introduce a function from the iota-framework which you should be familiar with. | ||
| After taking a look at the challenge's usage of [bcs::to_bytes](../../references/framework/iota-framework/bcs.mdx#function-to_bytes), we recommend you to take a look at the IOTA Framework documentation to understand how to use it in further challenges. | ||
|
|
||
| - [IOTA Framework](../../references/framework/iota-framework/) | ||
|
|
||
|
|
||
| Good luck in capturing your fifth flag! | ||
|
|
||
|
|
||
| <ChallengeVerifier expectedObjectType="0xdd29ddb70eec2828bf8375c9bb3e4c3546f94d9090113fc760adce8010d69762::pizza::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 6: Go Recycle! | ||
|
|
||
| The City of Venice is tired of all the trash ending up in the canals, especially pizza boxes still filled with a certain type of pizza which are just dumped everywhere are ruining the experience. They decided to start a recycling program rewarding people who do their part with a Venetian Flag; Go grab one! | ||
|
|
||
| For this challenge you might want to investigate the [Transfer to object](../iota-101/objects/transfers/transfer-to-object.mdx) functionality; Pizzaboxes from previous challenges can not be used in this one. | ||
|
|
||
| ## Deployed Contract Addresses: | ||
| ``` | ||
| PizzaBoxRecycler: 0x8c23295c9844f10a7f3809d0a31bca68094bd867e4da35b8ab4d1166a017b383 | ||
| Package: 0x5b3571ccaf942310691ca034fbfa381ccd724029396e329910a789b1d25ece3d | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| ### recycle.move | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_6/sources/recycle.move | ||
| ``` | ||
|
|
||
| ### pizza.move | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_6/sources/pizza.move | ||
| ``` | ||
|
|
||
|
|
||
| ## Related Articles | ||
|
|
||
| The previous challenges covered the basics of the Object Model and how to interact with the blockchain. This challenge's main theme is object transfers, which will be crucial to capturing the flag. | ||
| We recommend you to check the following articles: | ||
|
|
||
| - [Object Transfers](../iota-101/objects/transfers/) | ||
| - [Transfer to object](../iota-101/objects/transfers/transfer-to-object.mdx) | ||
| - [Custom Transfer Rules](../iota-101/objects/transfers/custom-rules.mdx) | ||
|
|
||
|
|
||
|
|
||
| Good luck in capturing your sixth flag! | ||
|
|
||
| :::tip | ||
| Make sure you recycle enough pizza boxes! | ||
| ::: | ||
|
|
||
| <ChallengeVerifier expectedObjectType="0x5b3571ccaf942310691ca034fbfa381ccd724029396e329910a789b1d25ece3d::recycle::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 7: PTBs | ||
|
|
||
| In response to the recent pizza challenge, the city of Venice has implemented a smart contract to efficiently manage ingredients and prevent hoarding. Participants are invited to utilize these perishable ingredients, which must be used immediately to create dough. | ||
|
|
||
| Your objective is to gather the necessary ingredients—flour, water, yeast, and salt—and craft the dough required to capture the flag. This challenge can be solved using the Move CLI and the [`iota client ptb` command.](../../references/cli/ptb.mdx) | ||
|
|
||
| ## Deployed Contract Addresses: | ||
| ``` | ||
| Package: 0x2fce22869e453ec5bb6de2b3bee4cb94b2c3605abad9e9bbda477a75306bef2c | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| ### `ptb.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_7/sources/ptb.move | ||
| ``` | ||
|
|
||
|
|
||
| ## Related Articles | ||
|
|
||
| This challenge will introduce you to the PTB standard and how to use the Move CLI to interact with it. You should be familiar with the PTB standard and how to use the Move CLI to call the `ptb` function. | ||
|
|
||
| - [PTB Standard](../iota-101/transactions/ptb/programmable-transaction-blocks-overview.mdx) | ||
| - [IOTA CLI reference](../../references/cli/ptb.mdx) | ||
|
|
||
|
|
||
|
|
||
| Good luck in capturing your seventh flag! | ||
|
|
||
|
|
||
|
|
||
| <ChallengeVerifier expectedObjectType="0x2fce22869e453ec5bb6de2b3bee4cb94b2c3605abad9e9bbda477a75306bef2c::ptb::Flag" /> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
|
|
||
| import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier'; | ||
|
|
||
|
|
||
|
|
||
|
|
||
| # Challenge 8: Flash! | ||
|
|
||
| In this challenge, you will explore a decentralized exchange (DEX) with a critical flaw you can exploit to capture the flag. This exchange operates with two tokens—CTFA and CTFB—and features a vault that allows users to take flash loans. Your objective is to manipulate the token balances effectively to obtain the flag by using the vulnerabilities in the DEX's flash loan mechanism. | ||
| To solve this challenge, you will have to have a deep understanding of [programmable transaction blocks (PTBs)](../iota-101/transactions/ptb/programmable-transaction-blocks-overview.mdx) and how to build them using the [TS SDK](../iota-101/transactions/ptb/building-programmable-transaction-blocks-ts-sdk.mdx) or the [CLI](../../references/cli/ptb.mdx). | ||
|
|
||
| ## Deployed Contract Addresses: | ||
| ``` | ||
| MintA<0xfd9284dd49737957297ebb10a9bbf73964453696c037b9e59f0fb4d23fc13aee::ctfa::CTFA>: 0x87cde5710a62e890058cf841ac3efa9f7b9db7a34f59c07621f994addbf06b9a | ||
| MintB<0xfd9284dd49737957297ebb10a9bbf73964453696c037b9e59f0fb4d23fc13aee::ctfb::CTFB>: 0x4395d877fb46f8f9929a090eab7c1a69ec3fadcc5dbd491c0cc04716a8e18164 | ||
| Package: 0xfd9284dd49737957297ebb10a9bbf73964453696c037b9e59f0fb4d23fc13aee | ||
| CoinMetadata<0xfd9284dd49737957297ebb10a9bbf73964453696c037b9e59f0fb4d23fc13aee::ctfa::CTFA>: 0xcf7289e7211f6df0d63f4485bf5b3978ce58f3a55c1989811033f88ed586f35a | ||
| CoinMetadata<0xfd9284dd49737957297ebb10a9bbf73964453696c037b9e59f0fb4d23fc13aee::ctfb::CTFB>: 0x475243f98ca1707225743502003d34b207ffc8b6f6b0bd2e8531eee0555f6085 | ||
| ``` | ||
|
|
||
| ## Contracts | ||
|
|
||
| ### `firstcoin.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_8/sources/firstcoin.move | ||
| ``` | ||
|
|
||
| ### `secondcoin.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_8/sources/secondcoin.move | ||
| ``` | ||
|
|
||
| ### `vault.move` | ||
| ```move file=<rootDir>/docs/examples/move/ctf/challenge_8/sources/vault.move | ||
| ``` | ||
|
|
||
| Good luck in capturing your eighth flag! | ||
|
|
||
|
|
||
| ## Related Articles | ||
| This challenge will test your understanding of the Object Model, the Coin Standard, and PTBs. You will need to use your knowledge of these concepts to exploit the DEX's flash loan mechanism and capture the flag. | ||
|
|
||
| - [Coin Standard](../standards/coin.mdx) | ||
| - [Object Model](../iota-101/objects/object-model.mdx) | ||
| - [Programmable Transaction Blocks](../iota-101/transactions/ptb/programmable-transaction-blocks-overview.mdx) | ||
| - [IOTA CLI reference](../../references/cli/ptb.mdx) | ||
| - [IOTA TS SDK reference](../iota-101/transactions/ptb/building-programmable-transaction-blocks-ts-sdk.mdx) | ||
|
|
||
|
|
||
|
|
||
| :::tip | ||
| The DEX programmer pulled an all-nighter before writing the flash loan mechanism, making a critical mistake. | ||
| ::: | ||
|
|
||
|
|
||
|
|
||
|
|
||
| <ChallengeVerifier expectedObjectType="0xfd9284dd49737957297ebb10a9bbf73964453696c037b9e59f0fb4d23fc13aee::vault::Flag" /> |
Oops, something went wrong.