Blocksec CTFs
A curated list of blockchain security Wargames, Challenges, and Capture the Flag (CTF) competitions and solution writeups.
Wargames and Writeups
- Ethernaut
- Ethernaut Solutions by cmichel – Challenges 0-21
- Ethernaut Writeups by Macmod – Challenges 0-9
- Ethernaut Solutions by tsauvajon – Challenges 1-11
- Ethernaut Solutions by tinchoabbate
- The Ethernaut CTF Writeup by Arseny Reutov – Challenges 0-6
- Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse them by Nicole Zhu
- Ethernaut Lvl 1 Walkthrough: how to abuse the Fallback function by Nicole Zhu
- Ethernaut Lvl 2 Fallout Walkthrough: how simple developer errors become big mistakes by Nicole Zhu
- Ethernaut Lvl 3 Coin Flip Walkthrough: how to abuse psuedo randomness in smart contracts by Nicole Zhu
- Ethernaut Lvl 4 Telephone Walkthrough: how to abuse tx.origin & msg.sender by Nicole Zhu
- Ethernaut Lvl 5 Token Walkthrough: How to abuse arithmetic underflows and overflows by Nicole Zhu
- Ethernaut Lvl 6 Delegation Walkthrough: How to abuse the delicate delegatecall by Nicole Zhu
- Ethernaut Lvl 7 Force Walkthrough — How to selfdestruct and create an Ether blackhole by Nicole Zhu
- Ethernaut Lvl 8 Vault Walkthrough — How to read “private” variables in contract storage (with Truffle) by Nicole Zhu
- Ethernaut Lvl 9 King Walkthrough: How bad contracts can abuse withdrawals by Nicole Zhu
- Ethernaut Lvl 10 Re-entrancy Walkthrough: How to abuse execution ordering and reproduce the DAO hack by Nicole Zhu
- Ethernaut Lvl 11 Elevator Walkthrough: How to abuse Solidity interfaces and function state modifiers by Nicole Zhu
- Ethernaut Lvl 12 Privacy Walkthrough: How Ethereum optimizes storage to save space and be less gassy by Nicole Zhu
- Ethernaut Lvl 13 Gatekeeper 1 Walkthrough: How to calculate smart contract gas consumption (and byte masking) by Nicole Zhu
- Ethernaut Lvl 14 Gatekeeper 2 Walkthrough: How contracts initialize (and how to do bitwise operations) by Nicole Zhu
- Ethernaut Lvl 15 Naught Coin Walkthrough: How to abuse ERC20 tokens and bad ICOs by Nicole Zhu
- Ethernaut Lvl 16 Preservation Walkthrough: How to inject malicious contracts with delegatecall by Nicole Zhu
- Ethernaut Lvl 17 Locked Walkthrough: How to properly use (and abuse) structs in Solidity by Nicole Zhu
- Ethernaut Lvl 18 Recovery Walkthrough: How to retrieve lost contract addresses (in 2 ways) by Nicole Zhu
- Ethernaut Lvl 19 MagicNumber Walkthrough: How to deploy contracts using raw assembly opcodes by Nicole Zhu
- Ethernaut Challenges solutions by Asamartino – Challenges (0-21)
- Ethernaut Challenges solutions by Simon – Challenges (0-21)
- Capture the Ether
- EtherHack
- Security Innovation Blockchain CTF
- Security Innovation Blockchain CTF Solutions by Narendra Patel
- Cipher Shastra
- Sherlock Writeup by Razzor
- DeFi Hack
Challenges and Writeups
- Solana Security Workshop by Neodyme
- Solution by Christoph Michel
- Interview Contracts by Halborn
- Pinball Challenge by samczsun
- Damn Vulnerable DeFi
- Damn Vulnerable DeFi Solutions by cmichel
- Write-ups and lessons learned from Damn Vulnerable #DeFi by Damian Rusinek
- Damn Vulnerable DeFi — Setup and Challenge #1 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #2 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #3 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #4 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #5 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #6 Walkthrough by iphelix
- Damn Vulnerable DeFi — Challenge #7 Walkthrough by iphelix
- Damn Vulnerable DeFi Video Solutions by Smart Contract Programmer
- NCCGroup GOAT Casino
- Damn Vulnerable Crypto Wallet
- Cryptohunt by p4d
- Impossible by u/eththrowaway4
- Break My Contract, Steal My Money Challenges
- Hacking smart contracts for fun and profit by István András Seres
CTFs and Writeups
- The Standoff Digital Art Competition
- Paradigm CTF – 2021
- Official Challenges and Solutions:
- Community Solutions:
- Paradigm CTF 2021 Solutions and Github repo by cmichel
- BabyRev and Upgrade Solutions by Ansgar Dietrichs
- [Paradigm JOP Solution on Twitch Part 1 and Part 2 by Ansgar Dietrichs
- Paradigm CTF 2021 Solutions by thegostep
- BabyCrypto, BabySandbox, and Lockbox writeups by roynalnaruto
- BabyCrypto Challenge by Team Dilicious (Sam Wilson)
- Broker Challenge by Team Dilicious (Sam Wilson)
- BabyRev Challenge by Team Dilicious (Sam Wilson)
- Bank Challenge by Team Dilicious (smarx)
- Vault Challenge by Team Dilicious (smarx)
- Paradigm CTF Solutions by Furucombo
- Swap Challenge by samczsun
- 0xPOLAND – 2020
- AnChain CTF – 2020
- Sharky CTF – 2020
- Sharky CTF: Blockchain Level 0 to 4 Writeup by Nithilan Pugal
- Sharky CTF Blockchain Challenges by Imagin
- RazzorSec CTF
- Donjon CTF – 2020
- Chain Heist – 2019
- Capture the Coin – 2019
- “Capture the Coin” at Defcon and you could win big
- How the Coinbase Security team deployed CTFd to Power our First Capture the Flag contest at Defcon 27
- Congratulations Capture the Coin participants!
- Capture the Coin — Trivia Solutions
- Capture the Coin — Blockchain Category Solutions
- Capture the Coin — Cryptography Category Solutions
- Capture the Coin CTF write-up by Arpox
- ConsenSys Dilligence Ethereum Hacking Challenge – 2018
- Code Blue PolySwarm Challenge – 2018
- PolySwarm Smart Contract Hacking Challenge Writeup by Arseny Reutov
- Real World CTF (Acoraida Monica Challenge) – 2018
- Challenge files and Solution by LiveOverflow
- Ethereum Smart Contract Code Review #1 – Real World CTF 2018 by LiveOverflow
- Jump Oriented Programming: Ethereum Smart Contract #2 – Real World CTF 2018 by LiveOverflow
- Authio Solidity CTF
- Challenges:
- Solidity CTF – Part 1: “Function Types
- Solidity CTF — Part 2: “Safe Execution”by Alexander Wade
- Solidity CTF — Part 3: “HoneyPot” by Alexander Wade
- Solidity CTF — Part 4: Read the Fine Print by Alex Towle
- Solidity CTF – Part 5: Mirror Madness by Paul Vienhage
- ZeroNights ICO Hacking Contest – 2017
- ZeroNights ICO Hacking Contest Writeup by Arseny Reutov