Skip to content

Commit

Permalink
feat(docs): add interactive CTF challenges to docs (#3014)
Browse files Browse the repository at this point in the history 
* fix(docs): add refs to related articles

Signed-off-by: salaheldinsoliman <[email protected]>

* fix(docs): update readme of challneges

Signed-off-by: salaheldinsoliman <[email protected]>

* feat(docs): Add related articles and Hints

Signed-off-by: salaheldinsoliman <[email protected]>

* feat(docs): Add related articles and Hints

Signed-off-by: salaheldinsoliman <[email protected]>

* Apply suggestions from code review

Co-authored-by: Lucas Tortora <[email protected]>

* feat(docs): Change info to tip

Signed-off-by: salaheldinsoliman <[email protected]>

* feat(docs): Change info to tip

Signed-off-by: salaheldinsoliman <[email protected]>

* fix(docs): broken links

Signed-off-by: salaheldinsoliman <[email protected]>

* fix(docs): apply dprint

Signed-off-by: salaheldinsoliman <[email protected]>

---------

Signed-off-by: salaheldinsoliman <[email protected]>
Co-authored-by: Lucas Tortora <[email protected]>
  • Loading branch information
@salaheldinsoliman @lucas-tortora
salaheldinsoliman and lucas-tortora authored Oct 28, 2024
1 parent 2204491 commit c6bd157
Show file tree
Hide file tree
Showing 48 changed files with 1,588 additions and 0 deletions.
41 changes: 41 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_1.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 1: Checkin

In this first challenge, your task is to interact with a basic Move contract. The contract defines a `Flag` object, which you need to retrieve by calling a specific function.

The contract mints a new flag and transfers it to your account. Your goal is to [call the function](../getting-started/publish.mdx#accessing-your-package), capture the flag, and then submit the object ID to verify your success.

This challenge is designed to be an easy introduction, guiding you through the process of interacting with the blockchain, calling functions, and understanding the basics of flag capture.


## Deployed Contract Address:
```
Package: 0xce9b1471301ffaf1453297cca008a68ce851b6a9ba9ab241c357c346177903f3
```

## Contracts
### `checkin.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_1/sources/checkin.move
```


## Related Articles

In this challenge, you must use the IOTA CLI to interact with the blockchain. This set of articles will help you set up your environment and call a deployed contract:

- [Installing IOTA CLI](../getting-started/install-iota.mdx)
- [Connecting to Alphanet](../getting-started/connect.mdx)
- [Get Iota coins](../getting-started/get-coins.mdx)
- [Accessing Your Package](../getting-started/publish.mdx#accessing-your-package)


Good luck in capturing your first flag!



<ChallengeVerifier expectedObjectType="0xce9b1471301ffaf1453297cca008a68ce851b6a9ba9ab241c357c346177903f3::checkin::Flag" />
46 changes: 46 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_2.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 2: Lucky Number

In this challenge you are supposed to get the flag Event by passing in the right parameters to the `get_flag` function in the `luckynumber` module. If you do this correctly you should get a Flag event in return.



## Deployed Contract Addresses:
```
Package: 0xb13a3cd66c6aa2ccff512fee9d950176acf0835fbf2091fa32e789d44baabe01
Counter: 0x88c94654907f9daabbc25e9724997bd71a16e13f55cc4580f5e7c207e3ff28f2
```

## Contracts
### `luckynumber.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_2/sources/luckynumber.move
```

### `counter.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_2/sources/counter.move
```


## Related Articles
In this stage of the CTF, you should be familiar with how to use the CLI to call a Move function and pass in the right parameters, as well as a general understanding of the Object Model:

- [IOTA CLI reference](../../references/cli/)
- [Object Model](../iota-101/objects/object-model.mdx)



:::tip
You should check how to use the CLI to call a function in a module and pass in the right parameters. `iota client call --help` might help.
:::


Good luck in capturing your second flag!



<ChallengeVerifier expectedObjectType="0xb13a3cd66c6aa2ccff512fee9d950176acf0835fbf2091fa32e789d44baabe01::luckynumber::Flag" />
48 changes: 48 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_3.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 3: MintCoin Mechanics

In this challenge, you'll dive into the mechanics of "MintCoin," a [coin](../standards/coin.mdx) that allows anyone to mint new tokens using a "Proof of Move" process. However, minting alone will not be enough to get the flag—you'll need to go a step further.

Your goal is to understand how the system works and figure out the extra steps needed to successfully retrieve the flag.


## Deployed Contract Addresses:
```
CoinMetadata<0xf84628ac335e59ce6e305835cc09c0b9983d7b1695ab28e96cf875b49923e4ed::mintcoin::MINTCOIN>: 0x1bd5dfa2e5f1d3a3825403d92b8199ce3f69a5e70a785f28d698715b54d78321
Counter: 0xe7877309899ef0618ea0e269327f79e3bdf38ff2860fd01f5d278b46ea8cd630
TreasuryCap<0xf84628ac335e59ce6e305835cc09c0b9983d7b1695ab28e96cf875b49923e4ed::mintcoin::MINTCOIN>: 0xf3cb314954f0823961fdfe93ba9403314b4c53bb654f73ba37fe3c8400831e23
Package: 0xf84628ac335e59ce6e305835cc09c0b9983d7b1695ab28e96cf875b49923e4ed
```

## Contracts

#### `mint.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_3/sources/mint.move
```

#### `counter.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_3/sources/counter.move
```


## Related Articles
This challenge's main contract is written using the Coin Standard. Having been familiar with the [Object Model](../iota-101/objects/object-model.mdx) from the last challenge, you should now be able to understand the Coin Standard and how it works.

- [Coin Standard](../standards/coin.mdx)



:::tip
Your starting point should be the function `get_flag` in the `mint` module to understand the steps required to capture the flag. To successfully complete the challenge, make sure to follow the contract's logic and requirements.
:::

Good luck in capturing your third flag!



<ChallengeVerifier expectedObjectType="0xf84628ac335e59ce6e305835cc09c0b9983d7b1695ab28e96cf875b49923e4ed::mintcoin::Flag" />
49 changes: 49 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_4.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 4: Airdrop

Your mission is to participate in the "Horse Token" airdrop and capture the elusive flag. You'll need to mint some Horse Tokens and claim your share through the airdrop mechanism. But simply collecting tokens won’t be enough—securing the flag requires a bit more effort.

Use your command line expertise to interact with the system, track your progress, and perform key actions efficiently. Pay close attention to the airdrop logic, as understanding how the token distribution works will be crucial to successfully capturing the flag.

## Deployed Contract Addresses:
```
CoinMetadata<0x913ddcf84345bc087530e0b5d8b183780ecf902ea6cfa64b62d3f8a349ebafd9::airdrop::AIRDROP>: 0x163ef67f9631eea22ef33e58aab3e0d5c243184335e943047c28cb0a30985cf0
Vault: 0x4ae07fd00773080f9af2e43c2464667536d661ba0001a670e3971efbb01446e2
Package: 0x913ddcf84345bc087530e0b5d8b183780ecf902ea6cfa64b62d3f8a349ebafd9
TreasuryCap<0x913ddcf84345bc087530e0b5d8b183780ecf902ea6cfa64b62d3f8a349ebafd9::airdrop::AIRDROP>: 0xa9b65a0be78472f053298980a4fae935d12571731bfd7be3b9d41183a7f100ff
Counter: 0xc96bfaf42e3b8b1f2e5dbf469dc5f7846c911dbbb76966475cfd06cf3893b080
```

## Contracts

### `airdrop.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_4/sources/airdrop.move
```

### `counter.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_4/sources/counter.move
```

## Related Articles
Challenges 1-3 have introduced you to the basics of interacting with Move contracts, the Object Model, and the Coin Standard. In this challenge, you'll need to apply your knowledge to a more complex scenario involving an airdrop mechanism.
This challnege can be solved with IOTA PTBs, which will also help you in further challenges.

- [Coin Standard](../standards/coin.mdx)
- [Object Model](../iota-101/objects/object-model.mdx)
- [Programmable Transaction Blocks](../iota-101/transactions/ptb/working-with-ptbs.mdx)



Good luck in capturing your fourth flag!


:::tip
Under `Deployed Contract Addresses`, you can find the addresses of the package as well as the `Vault`. Carefully check what the constraints are for the `get_flag` function to work, as it has some assertions that need to be met.
:::

<ChallengeVerifier expectedObjectType="0x913ddcf84345bc087530e0b5d8b183780ecf902ea6cfa64b62d3f8a349ebafd9::airdrop::Flag" />
39 changes: 39 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_5.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 5: Perfect Pizza

When in Italy, pizza is a way of life. Crafted from simple ingredients with an artful touch, only the perfect combination will gain the approval of the pizzaiolo (master pizza maker). Choose your ingredients wisely—anything less than perfection and your creation won’t pass the test.

In this challenge, you'll need to carefully assemble your pizza using the correct ingredients. The pizzaiolo will judge your creation, and only a perfect pizza will earn you the flag. Attention to detail is key—get it right, or it's back to the kitchen!

## Deployed Contract Address:
```
Package: 0x84c3037c252e1b9142087a19c2bd776ee86316775484eb78e9f97618d877a577
```

## Contracts

### `pizza.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_5/sources/pizza.move
```

:::tip
The pizzaiolo uses [bcs::to_bytes](../../references/framework/iota-framework/bcs.mdx#function-to_bytes) to make sure the ingredients are in order. Make sure you understand how to use this function to pass the test.
:::


## Related Articles
Now that your are familiar with the basics of Move, this challenge will introduce a function from the iota-framework which you should be familiar with.
After taking a look at the challenge's usage of [bcs::to_bytes](../../references/framework/iota-framework/bcs.mdx#function-to_bytes), we recommend you to take a look at the IOTA Framework documentation to understand how to use it in further challenges.

- [IOTA Framework](../../references/framework/iota-framework/)


Good luck in capturing your fifth flag!


<ChallengeVerifier expectedObjectType="0x84c3037c252e1b9142087a19c2bd776ee86316775484eb78e9f97618d877a577::pizza::Flag" />
47 changes: 47 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_6.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 6: Go Recycle!

The City of Venice is tired of all the trash ending up in the canals, especially pizza boxes still filled with a certain type of pizza which are just dumped everywhere are ruining the experience. They decided to start a recycling program rewarding people who do their part with a Venetian Flag; Go grab one!

For this challenge you might want to investigate the [Transfer to object](../iota-101/objects/transfers/transfer-to-object.mdx) functionality; Pizzaboxes from previous challenges can not be used in this one.

## Deployed Contract Addresses:
```
PizzaBoxRecycler: 0x16ddd3ae8cc4fe71f1acdc52838412a645eac93f1176450d05a77642f1816f34
Package: 0xcbe251b41a23a3952e64036f01367df82f1ccf3498cb139ff3ef44712441abc9
```

## Contracts

### recycle.move
```move file=<rootDir>/docs/examples/move/ctf/challenge_6/sources/recycle.move
```

### pizza.move
```move file=<rootDir>/docs/examples/move/ctf/challenge_6/sources/pizza.move
```


## Related Articles

The previous challenges covered the basics of the Object Model and how to interact with the blockchain. This challenge's main theme is object transfers, which will be crucial to capturing the flag.
We recommend you to check the following articles:

- [Object Transfers](../iota-101/objects/transfers/)
- [Transfer to object](../iota-101/objects/transfers/transfer-to-object.mdx)
- [Custom Transfer Rules](../iota-101/objects/transfers/custom-rules.mdx)



Good luck in capturing your sixth flag!

:::tip
Make sure you recycle enough pizza boxes!
:::

<ChallengeVerifier expectedObjectType="0xcbe251b41a23a3952e64036f01367df82f1ccf3498cb139ff3ef44712441abc9::recycle::Flag" />
38 changes: 38 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_7.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 7: PTBs

In response to the recent pizza challenge, the city of Venice has implemented a smart contract to efficiently manage ingredients and prevent hoarding. Participants are invited to utilize these perishable ingredients, which must be used immediately to create dough.

Your objective is to gather the necessary ingredients—flour, water, yeast, and salt—and craft the dough required to capture the flag. This challenge can be solved using the Move CLI and the [`iota client ptb` command.](../../references/cli/ptb.mdx)

## Deployed Contract Addresses:
```
Package: 0x202d65a2b1d2de4ba90e9eeb51ef4e16fafdaaa5c8b1dc3cbd8a935e5eb4d25c
```

## Contracts

### `ptb.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_7/sources/ptb.move
```


## Related Articles

This challenge will introduce you to the PTB standard and how to use the Move CLI to interact with it. You should be familiar with the PTB standard and how to use the Move CLI to call the `ptb` function.

- [PTB Standard](../iota-101/transactions/ptb/working-with-ptbs.mdx)
- [IOTA CLI reference](../../references/cli/ptb.mdx)



Good luck in capturing your seventh flag!



<ChallengeVerifier expectedObjectType="0x202d65a2b1d2de4ba90e9eeb51ef4e16fafdaaa5c8b1dc3cbd8a935e5eb4d25c::ptb::Flag" />
56 changes: 56 additions & 0 deletions docs/content/developer/iota-move-ctf/challenge_8.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@

import ChallengeVerifier from '@site/src/components/CTF/ctf-verifier';




# Challenge 8: Flash!

In this challenge, you will explore a decentralized exchange (DEX) with a critical flaw you can exploit to capture the flag. This exchange operates with two tokens—CTFA and CTFB—and features a vault that allows users to take flash loans. Your objective is to manipulate the token balances effectively to obtain the flag by using the vulnerabilities in the DEX's flash loan mechanism.
To solve this challenge, you will have to have a deep understanding of [programmable transaction blocks (PTBs)](../iota-101/transactions/ptb/prog-txn-blocks.mdx) and how to build them using the [TS SDK](../iota-101/transactions/ptb/building-ptb.mdx) or the [CLI](../../references/cli/ptb.mdx).

## Deployed Contract Addresses:
```
MintA<0x828a5da05496e86075fab366b2b66ec3ba0a3bfbed68ce56140d589d94da9b33::ctfa::CTFA>: 0x66e8dd865238a68f50db8be7177ee662b754133f409c35c36975f9d6e6f7f6e4
MintB<0x828a5da05496e86075fab366b2b66ec3ba0a3bfbed68ce56140d589d94da9b33::ctfb::CTFB>: 0x7c4f0f9d2e62bb0c440e5d281fbac69997dc14e1586cfedcea49f547a54eca1b
Package: 0x828a5da05496e86075fab366b2b66ec3ba0a3bfbed68ce56140d589d94da9b33
CoinMetadata<0x828a5da05496e86075fab366b2b66ec3ba0a3bfbed68ce56140d589d94da9b33::ctfa::CTFA>: 0x8f9c961398fcbfff8b9b1f14e1d6731bcfa2480f7c4f26fbb76496498bcc684e
CoinMetadata<0x828a5da05496e86075fab366b2b66ec3ba0a3bfbed68ce56140d589d94da9b33::ctfb::CTFB>: 0xca909dd26da43ac1d0992ebe796e0714d9382e0e4ec35640a1ac9845b3bb087d
```

## Contracts

### `firstcoin.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_8/sources/firstcoin.move
```

### `secondcoin.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_8/sources/secondcoin.move
```

### `vault.move`
```move file=<rootDir>/docs/examples/move/ctf/challenge_8/sources/vault.move
```

Good luck in capturing your eighth flag!


## Related Articles
This challenge will test your understanding of the Object Model, the Coin Standard, and PTBs. You will need to use your knowledge of these concepts to exploit the DEX's flash loan mechanism and capture the flag.

- [Coin Standard](../standards/coin.mdx)
- [Object Model](../iota-101/objects/object-model.mdx)
- [Programmable Transaction Blocks](../iota-101/transactions/ptb/working-with-ptbs.mdx)
- [IOTA CLI reference](../../references/cli/ptb.mdx)
- [IOTA TS SDK reference](../iota-101/transactions/ptb/building-ptb.mdx)



:::tip
The DEX programmer pulled an all-nighter before writing the flash loan mechanism, making a critical mistake.
:::




<ChallengeVerifier expectedObjectType="0x828a5da05496e86075fab366b2b66ec3ba0a3bfbed68ce56140d589d94da9b33::vault::Flag" />
Loading

0 comments on commit c6bd157

Please sign in to comment.