ctfnote
  • /home/ret2basic.eth
  • Game Hacking
    • βœ…C++
    • Ghidra
    • Cheat Engine
    • Proxy
    • DLL injection
    • Keygen
    • Aimbot
  • Web3 Security Research
    • πŸ‘‘Web3 Security Research Trivia
    • βœ…Solidity
      • βœ…Mastering Ethereum
      • βœ…Storage
      • βœ…Memory
      • βœ…Calldata
      • βœ…ABI
    • βœ…Foundry
      • βœ…Introduction
      • βœ…How to Write Basic Tests
      • βœ…Set Soliditiy Compiler Version
      • βœ…Remappings
      • βœ…Auto Format Code
      • βœ…Console Log
      • βœ…Authentication
      • βœ…Error
      • βœ…Event
      • βœ…Time
      • βœ…Send ETH
      • βœ…Signature
      • βœ…Fork
      • βœ…Mint 1 Million DAI on Mainnet Fork
      • βœ…FFI
      • βœ…Fuzz
      • βœ…Invariant Testing - Part 1
      • Invariant Testing - Part 2
      • Invariant Testing - Part 3
      • Differential Test
    • βœ…Secureum
      • βœ…Epoch 0
        • βœ…Slot 1: Ethereum 101
          • βœ…Notes
          • βœ…Ethereum Whitepaper
          • βœ…Extra Study: What happens when you send 1 DAI
          • βœ…Quiz
        • βœ…Slot 2: Solidity 101
          • βœ…Notes
          • βœ…OpenZeppelin ERC20
          • βœ…OpenZeppelin ERC721
          • βœ…OpenZeppelin Ownable
          • βœ…OpenZeppelin Pausable
          • βœ…OpenZeppelin ReentrancyGuard
          • βœ…Quiz
        • βœ…Slot 3: Solidity 201
          • βœ…Notes
          • βœ…OpenZeppelin SafeERC20
          • βœ…OpenZeppelin ERC-777
          • βœ…OpenZeppelin ERC-1155
          • βœ…OpenZeppelin ERC-3156
          • βœ…OpenZeppelin - Proxy Upgrade Pattern
          • βœ…Quiz
        • βœ…Slot 4: Pitfalls and Best Practices 101
          • βœ…Notes
          • βœ…Intro to Security First Development
          • βœ…Quiz
        • βœ…Slot 5: Pitfalls and Best Practices 201
          • βœ…Notes
          • So you want to use a price oracle
          • The Dangers of Surprising Code
          • βœ…Quiz
        • βœ…Slot 6: Auditing Techniques & Tools 101
          • βœ…Notes
          • βœ…Quiz
        • βœ…Slot 7: Audit Findings 101
          • Notes
          • βœ…Fei Protocol - ConsenSys
          • βœ…Uniswap V3 - Trail of Bits
          • βœ…Chainlink - Sigma Prime
          • βœ…Opyn Gamma - OpenZeppelin
          • βœ…Quiz
        • βœ…Slot 8: Audit Findings 201
          • Notes
          • 1inch Liquidity - Consensus
          • Original Dollar - Trail of Bits
          • Synthetix EtherCollateral - Sigma Prime
          • Holdefi - OpenZeppelin
          • Quiz
      • βœ…Epoch ∞
        • βœ…RACE #4 - ERC20 Implementation
        • βœ…RACE #5 - ERC1155 Implementation
        • βœ…RACE #6 - ERC721 Application
        • βœ…RACE #7 - Bored Ape
        • βœ…RACE #8 - ERC721 Roles
        • βœ…RACE #9 - Proxy
        • βœ…RACE #10 - Test Cases
        • βœ…RACE #11 - Staking
        • βœ…RACE #12 - ERC20 Permit
        • βœ…RACE #13 - ERC20 with Callback
        • βœ…RACE #14 - Lending
        • βœ…RACE #15 - DEX
        • βœ…RACE #16 - Flash Loan
        • βœ…RACE #17
    • DeFi
      • Glossary
        • TWAP vs. VWAP
        • Tranches
      • DeFi MOOC
        • Lecture 2: Introduction to Blockchain Technologies
        • Lecture 5: DEX
        • Lecture 6: Decentralized Lending
        • Lecture 10: Privacy on the Blockchain
        • Lecture 12: Practical Smart Contract Security
        • Lecture 13: DeFi Security
      • Uniswap V2
      • Compound V3
        • βœ…Whitepaper
        • βœ…Interacting with Compound
          • βœ…Supply and Redeem
          • βœ…Borrow and Repay
          • βœ…Liquidation
          • βœ…Long and Short
        • βœ…Interest Model
        • CToken
      • Aave
      • Chainlink
        • βœ…Getting Started
        • βœ…Data Feeds
        • βœ…VRF
      • Optimism
        • Bedrock
      • LayerZero
      • Opensea
        • Seaport
    • EVM
      • βœ…Andreas Antonopoulos - The Ethereum Virtual Machine
      • βœ…Program The Blockchain - Smart Contract Storage
      • βœ…EVM Codes - EVM Playground for Opcodes
      • βœ…Fvictorio - EVM Puzzles
      • βœ…Daltyboy11 - More EVM Puzzles
      • βœ…EVM Through Huff
      • Noxx - EVM Deep Dives
      • βœ…Jordan McKinney - EVM Explained
      • Openzepplin - Deconstructing a Solidity Contract
      • Jeancvllr - EVM Assembly
      • Peter Robinson - Solidity to Bytecode, Memory & Storage
      • Marek Kirejczyk - Ethereum Under The Hood
      • βœ…Official Solidity Docs
      • Dissecting EVM using go-ethereum Eth client implementation - deliriusz.eth
    • Vulnerabilities
      • Rounding Issues
        • Kyberswap
      • Bridges
      • Governance / Voting Escrows
      • Bizzare Bug Classes
        • TIME - ERC2771Context + Multicall calldata manipulation
    • Fancy Topics
      • Vulnerabilities SoK
        • βœ…Demystifying Exploitable Bugs in Smart Contracts
        • Blockchain Hacking Techniques 2022 Top 10 - Todo
      • yAcademy
        • Proxies
          • yAcademy - Proxy Basics
          • yAcademy - Proxies Deep Dive
          • yAcademy - Security Guide to Proxy Vulns
        • defi-fork-bugs
      • Spearbit
        • βœ…Community Workshop: Riley Holterhus
        • Economic Security with fmrmf
        • Numerical Analysis for DeFi Audits: A TWAMM Case Study by Kurt Barry
  • Red Teaming
    • βœ…Enumeration
      • Service Enumeration
        • SMTP (Port 25)
        • Samba (Port 139, 445)
        • SNMP (Port 161,162,10161,10162)
        • rsync (Port 873)
        • NFS (Port 2049)
        • Apache JServ Protocol (Port 8081)
        • NetBIOS
      • Nmap
      • Gobuster / Feroxbuster / FUFF / Wfuzz
      • Drupal
    • βœ…Exploitation
      • Public Exploits
      • PHP Webshells
      • Reverse Shell
      • TTY
      • File Transfer
      • Metasploit
      • Password Spray
    • βœ…Buffer Overflow
      • Step 0: Spiking (Optional)
      • Step 1: Fuzzing
      • Step 2: Finding the Offset
      • Step 3: Overwriting the EIP
      • Step 4: Finding Bad Characters
      • Step 5: Finding the Right Module
      • Step 6: Generating Shellcode and Gaining Root
    • βœ…Privilege Escalation
      • Linux Privilege Escalation
        • Linux Permissions
        • Manual Enumeration
        • Automated Tools
        • Kernel Exploits
        • Passwords and File Permissions
        • SSH Keys
        • Sudo
        • SUID
        • Capabilities
        • Cron Jobs
        • NFS Root Squashing
        • Docker
        • GNU C Library
        • Exim
        • Linux Privilege Escalation Course Capstone
      • Windows Privilege Escalation
        • Manual Enumeration
        • Automated Tools
        • Kernel Exploits
        • Passwords and Port Forwarding
        • WSL
        • Token Impersonation and Potato Attacks
        • Meterpreter getsystem
        • Runas
        • UAC Bypass
        • Registry
        • Executable Files
        • Startup Applications
        • DLL Hijacking
        • Service Permissions (Paths)
        • CVE-2019-1388
        • HiveNightmare
        • Bypass Space Filter
    • βœ…Post Exploitation
      • Linux Post Exploitation
        • Add a User
        • SSH Key
      • Windows Post Exploitation
        • windows-resources
        • Add a User
        • RDP
    • βœ…Pivoting
      • Windows: Chisel
      • Linux: sshuttle
    • Active Directory (AD)
      • Initial Compromise
        • HTA Phishing
        • VBA Macro Phishing
        • LLMNR Poisoning
        • SMB Relay
        • GPP / cPassword
      • Domain Enumeration
        • Manual Enumeration
        • PowerView
        • BloodHound
      • Lateral Movement
        • PsExec
        • WMI
        • Runas
        • Pass the Hash
        • Overpass the Hash
        • Pass the Ticket
      • Kerberos
        • Kerberoast
        • AS-REP Roast
      • MS SQL Server
    • Command & Control (C2)
      • Cobalt Strike
        • Bypassing Defences
          • Artifact Kit
          • Resource Kit
          • AMSI Bypass
          • PowerPick
        • Extending Cobalt Strike
          • Elevate Kit
          • Malleable C2 Profile
      • Metasploit
        • Payloads
        • Post Exploitation
        • Automation
      • C2 Development
    • Malware Development
      • "Hot Dropper"
      • PE Format
        • Overview
      • Process Injection
      • Reflective DLL
      • x86 <=> x64
      • Hooking
      • VeraCry
      • Offensive C#
      • AV Evasion
        • AV Evasion with C# and PowerShell
        • AMSI Bypass
  • Cryptography
    • Hash Functions
    • MAC
    • AES
      • Byte at a Time
      • CBC CCA
      • CBC Bit Flipping
      • CBC Padding Oracle
    • Diffie-Hellman
    • RSA
      • Prime Factors
      • Multiple Ciphertexts
      • Low Public Exponent
      • Low Private Exponent
    • ECC
    • Digital Signature
    • JWT
    • PRNG
    • SSL/TLS
    • Research
      • βœ…Lattice-based Cryptography (Lattice)
      • Elliptic Curve Cryptography (ECC)
      • Oblivious Transfer (OT)
      • Secure Multi-party Computation (MPC)
      • Learning with Error (LWE)
      • Fully Homomorphic Encryption (FHE)
      • Zero Knowledge Proof (ZKP)
      • Oblivious RAM (ORAM)
  • Computer Science
    • Linux
      • Setup
      • curl
      • Hard Link vs. Symlink
      • Man Page
      • /dev/null
    • Python
      • New Features
      • Operators, Expressions, and Data Manipulation
      • Program Structure and Control Flow
      • Objects, Types, and Protocols
      • Functions 101
      • Generators
      • Classes and Object-Oriented Programming
      • Memory Management
      • Concurrency and Parallelism
        • Multithreading and Thread Safety
        • Asynchronization
        • Multiprocessing
        • Global Interpreter Lock (GIL)
      • Built-in Functions and Standard Library
        • import collections
        • import itertools
        • import sys
        • import re
        • import pickle
        • import json
      • Third-party Library
        • from pwn import *
        • import requests
        • from bs4 import BeautifulSoup
        • from scapy.all import *
        • py2exe
    • HTML, CSS, JavaScript, and React
      • HTML
      • CSS
      • JavaScript
        • var vs. let
        • Objects
        • Arrays
        • Functions
        • Modules
        • Asynchronous JavaScript
      • React
    • Data Structures and Algorithms
      • Binary Search
    • The Linux Programming Interface
      • Processes
        • Memory Allocation
        • The Process API
        • Process Creation
        • Process Termination
        • Monitoring Child Processes
        • Program Execution
      • Signals
      • Threads
        • Thread Synchronization
        • Thread Safety and Pre-Thread Storage
      • IPC
        • Pipes and FIFOs
        • Memory Mappings
        • Virtual Memory Operations
      • Sockets
    • Computer Systems
      • Hexadecimal
      • Signedness
      • Registers
      • Instructions
      • Syscall
      • Process Memory
      • Stack Frame
      • Preemptive Multitasking
      • IPC
      • Threads
    • Databases
      • MySQL
        • Basic Syntax
        • Data Types
        • Modifying Tables
        • Duplicating and Deleting
        • SELECT
        • Transaction
      • GraphQL
    • Distributed Systems
      • Introduction
        • What is a Distributed System?
        • Design Goals
        • Scaling Techniques
        • Types of Distributed Systems
      • Architecture
        • System Architectures
        • Example Architectures
      • Communication
        • Foundations
        • Remote Procedure Call
        • Message-oriented Communication
      • Coordination
        • Clock Synchronization
        • Logical Clock
      • Consistency and Replication
        • Introduction
        • Data-centric Consistency
        • Client-centric Consistency
    • Static Analysis
      • Intermediate Representation
      • Data Flow Analysis
      • Interprocedural Analysis
      • Pointer Analysis
      • Static Analysis for Security
      • Datalog-Based Program Analysis
      • Soundness and Soundiness
      • CFL-Reachability and IFDS
  • Web
    • βœ…Prerequisites
      • OWASP Top 10
        • 1. Broken Access Control
        • 2. Cryptographic Failures
        • 3. Injection
        • 4. Insecure Design
        • 5. Security Misconfiguration
        • 6. Vulnerable and Outdated Components
        • 7. Identification and Authentication Failures
        • 8. Software and Data Integrity Failures
        • 9. Security Logging and Monitoring Failures
        • 10. SSRF
      • HTTP
        • HTTP Status Codes
        • HTTP Headers
      • Burp Suite
        • Burp Intruder
        • Burp Extender
        • Burp Collaborator
      • Information Gathering
        • DNS
        • Git
        • Editor
        • Server
      • Bug Bounty Report Writing
    • File Upload
      • Webshell
      • IIS, Nginx, and Apache Vulnerabilities
      • .htaccess (Apache) / web.config (IIS)
      • Alternate Data Stream
      • Code Review: bWAPP Unrestricted File Upload
    • SQL Injection (SQLi)
      • Cheat Sheet
      • UNION Attacks
      • Examining the Database
      • Blind SQL Injection
      • WAF Bypass
      • Out-Of-Band (OOB)
      • Webshell and UDF
      • sqlmap
        • Code Review: Initialization
        • Code Review: tamper
    • Cross-Site Scripting (XSS)
      • Cheat Sheet
      • Reflected XSS
      • Stored XSS
      • DOM-Based XSS
      • XSS Contexts
      • CSP
    • CSRF and SSRF
      • Client-Side Request Forgery (CSRF)
        • XSS vs. CSRF
        • CSRF Tokens and SameSite Cookies
      • Server-Side Request Forgery (SSRF)
        • Attacks
        • Bypassing Restrictions
        • SSRF + Redis
    • XML External Entities (XXE)
    • Insecure Deserialization
      • Python Deserialization
      • PHP Deserialization
      • Java Deserialization
        • Shiro
        • FastJSON
        • WebLogic
    • HTTP Request Smuggling
    • OS Command Injection
      • Whitespace Bypass
      • Blacklist Bypass
      • Blind OS Command Injection
      • Lab 1: HITCON 2015 BabyFirst
      • Lab 2: HITCON 2017 BabyFirst Revenge
      • Lab 3: HITCON 2017 BabyFirst Revenge v2
    • βœ…Directory Traversal
    • HTTP Parameter Pollution
    • Server-Side Template Injection (SSTI)
    • LDAP Injection
    • Redis
      • Authentication
      • RCE
      • Mitigations
  • Pwn
    • Linux Exploitation
      • Protections
      • Shellcoding
        • Calling Convention
        • Null-free
        • Reverse Shell
        • ORW
      • ROP
        • Stack Alignment
        • ret2text
        • ret2syscall
        • ret2libc
        • ret2csu
        • BROP
        • SROP
        • Stack Pivot
      • ptmalloc
        • chunks
        • malloc() and free()
        • bins
        • tcache
      • UAF
      • Race Conditions
        • TOCTTOU
        • Dirty Cow
        • Meltdown
        • Spectre
      • Kernel
      • Appendix: Tools
        • socat
        • LibcSearcher-ng
        • OneGadget
    • Windows Exploitation
      • Classic
      • SEH
      • Egghunting
      • Unicode
      • Shellcoding
      • ROP
      • Appendix: Tools
        • ImmunityDbg
        • Mona.py
    • Fuzzing
      • AFL++
        • Quickstart
        • Instrumentation
        • ASAN
        • Code Coverage
        • Dictionary
        • Parallelization
        • Partial Instrumentation
        • QEMU Mode
        • afl-libprotobuf-mutator
      • WinAFL
      • Fuzzilli
  • Reverse
    • Bytecode
      • Python Bytecode
    • πŸ‘‘Z3 solver
    • angr
      • angr Template
Powered by GitBook
On this page
  • Question 1
  • Question 2
  • Question 3
  • Question 4 - This one tricky
  • Question 5
  • Question 6
  • Question 7
  • Question 8

Was this helpful?

  1. Web3 Security Research
  2. Secureum
  3. Epoch ∞

RACE #17

PreviousRACE #16 - Flash LoanNextDeFi

Last updated 2 years ago

Was this helpful?

Note: All 8 questions in this RACE are based on the below contract. This is the same contract you will see for all the 8 questions in this RACE. The question is below the shown contract.

pragma solidity 0.8.19;


import {Pausable} from "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/security/Pausable.sol";
import {IERC20} from "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/utils/SafeERC20.sol";


interface IWETH is IERC20 {
   function deposit() external payable;
   function withdraw(uint256) external;
}


contract Vault is Pausable {
   using SafeERC20 for IWETH;


   address public immutable controller;
   IWETH public immutable WETH;


   // about 4700 ETH
   uint72 public constant TOTAL_CONTRIBUTION_CAP = type(uint72).max;
   // ALLOWANCE_CAP = 40% of TOTAL_CONTRIBUTION_CAP
   uint256 public immutable ALLOWANCE_CAP = 40 * uint256(TOTAL_CONTRIBUTION_CAP) / 100;
   uint72 public totalContributions;
   mapping (address => uint72) individualContributions;


   uint256 numContributors;
   event ContributorsUpdated(address newContributor, uint256 indexed oldNumContributors, uint256 indexed newNumContributors);


   constructor(address _controller, IWETH _weth) {
       controller = _controller;
       WETH = _weth;
   }


   function deposit(uint72 amount) external payable whenNotPaused {
       if (msg.value > 0) {
           WETH.deposit{value: amount}();
       } else {
           WETH.transferFrom(msg.sender, address(this), amount);
       }
       require((totalContributions += amount) <= TOTAL_CONTRIBUTION_CAP, "cap exceeded");
       if (individualContributions[msg.sender] == 0) emit ContributorsUpdated(msg.sender, numContributors, numContributors++);
       individualContributions[msg.sender] += amount;
   }


   function withdraw(uint72 amount) external whenNotPaused {
       individualContributions[msg.sender] -= amount;
       totalContributions -= amount;
       // unwrap and call
       WETH.withdraw(amount);
       (bool success, ) = payable(address(msg.sender)).call{value: amount}("");
       require(success, "failed to transfer ETH");
   }


   function requestAllowance(uint256 amount) external {
       // ALLOWANCE_CAP is 40% of TOTAL_CAP
       uint256 allowanceCap = ALLOWANCE_CAP;
       uint256 allowance = amount > totalContributions ? allowanceCap : amount;
       WETH.safeApprove(controller, allowance);
   }


   // for unwrapping WETH -> ETH
   receive() external payable {
       require(msg.sender == address(WETH), "only WETH contract");
   }
}

deposit() can revert:

Comment:

A: If the ether (msg.value) provided with the call to deposit() is less than the specified amount, the attempt to call WETH.deposit() will revert.

B: If no ether was provided with the call and the caller has an insufficient balance of WETH, or given insufficient approval to their WETH balance, the attempt to call WETH.transferFrom() will revert.

C: For the "cap exceeded" error to be thrown, totalContributions + amount > TOTAL_CONTRIBUTION_CAP. But TOTAL_CONTRIBUTION_CAP = type(uint72).max and totalContributions is uint72. So the attempt to add an amount to totalContributions that would make it larger than type(uint72).max would revert from an integer overflow error before the require() ever could. This makes the require() basically redundant and it can be removed.

D: The deposit() function is a external. An attempt to call it internally would not revert but never compile in the first place. The contract could still call this function via this.deposit() though, which would make the contract CALL itself like it would an external contract.

What issues pertain to the deposit() function?

Comment:

A: For a re-entrancy an unsafe external call needs to be made. All the external calls being made within the deposit() are to the trusted WETH contract which does also not have any sender callbacks/hooks like an ERC777 would have.

B/C: If the specified amount was larger than the sent msg.value, the function would revert. But on the other hand, if the amount was smaller than the actual sent msg.value the deposit would only handle the amount and the rest of the ether would be locked in the Vault contract.

D: The fact that totalContributionCap isn't enforced on an individual level does not cause an issue as totalContributions's value would revert before any individual contributor would be able to make deposits beyond the cap.

Which of the following is/are true about withdraw()?

Comment:

A: The withdraw() function follows the Checks-Effects-Interactions pattern: (Check) Subtracting the amount from the individual's contribution would revert if the integer were to underflow. (Effect) The individual contributor's balance is updated before the value is transferred. (Interactions) The unsafe external call to the msg.sender is only made once all Checks and Effects have been applied. Re-entering the contract would not allow draining any funds.

B: It's true that there's improper accounting, but the effect is that funds would be stuck, not drained.

C: As only 63/64 gas is forwarded, the function should have sufficient gas remaining for execution (hence the high gas limit assumption).

D: True, if msg.sender reverts (eg. is a contract that lacks payable / fallback function).

Question 4 - This one tricky

Which of the following parameters are correctly emitted in the ContributorsUpdated() event?

Comment:

A: Option A is understandably ambiguous: if withdrawals were working, then you could have an existing contributor be recognized as a new one. Nevertheless, in its current state, we can take it to emit for only legitimately new contributors.

C: One of the most common gas optimizations seen in Code4rena reports is how the prefix increment (++i) is more efficient than postfix (i++). However, most aren't aware of a key difference: Prefix increments returns the value BEFORE the increment, postfix returns the value AFTER.

The vault deployer can pause the following functions:

What is the largest possible allowance given to the controller?

The requestAllowance() implementation would have failed after the 1st call for tokens that only allow zero to non-zero allowances. Which of the following mitigations do NOT work?

Comment:

There are some implementations of ERC20 tokens that require an approval to be reset to 0 before it can be updated to another non-zero value.

The safeIncreaseAllowance() / safeDecreaseAllowance() functions request the current allowance, adding/subtracting the specified amount and then update it by calling approve(). These functions do not set the approval to 0 in between, so for these tokens the function would still fail after the 1st call.

Question 8

Which of the following gas optimizations are relevant in reducing runtime gas costs for the vault contract?

Comment:

A: Changing ALLOWANCE_CAP to be constant would actually consume more runtime gas as the expression would then be evaluated on every call, while with immutable the expression would be calculated during deployment and then become a static value. (Note that there's no difference between these options anymore when the via-IR compilation pipeline and optimization is used).

B: Increasing the optimizer's runs configuration will increase the deployment bytecode size but decrease the gas usage at runtime.

C: The smaller the function's ID the earlier it can be found by the function selector.

D: It wouldn't be safe to use unchecked math in the withdraw() function as it would potentially allow users to withdraw more than they should be able to. (The wording is intended to imply that the entire function's body would be put into an unchecked block.)

Question 1

Question 2

Question 3

B: Generally, it's not safe to make assumptions about the evaluation order of expressions in Solidity. How obscure this can be especially for event emissions has been shown in : "The indexed parameters are evaluated first in right-to-left order, then the non-indexed parameters are evaluated left-to-right". Because of this, the general best practice is to avoid nested expressions whenever possible and do them within separate lines of code.

Question 5

Question 6

Question 7

βœ…
βœ…
βœ…
βœ…
βœ…
βœ…
βœ…
βœ…
βœ…
last year's Underhanded Solidity contest
RACE #17 Of The Secureum Bootcamp Epoch∞ β€’ Ventral DigitalVentral Digital
RACE #17
Logo
RACE #17 result