Merge pull request #1 from SpC242/SpongeChang001-patch-1

Create Sponge
DeFiHackLabs · Sep 13, 2024 · cdee267 · cdee267
2 parents 389cbc9 + 0975060
commit cdee267
Showing 1 changed file with 60 additions and 0 deletions.
diff --git a/Sponge.md b/Sponge.md
@@ -0,0 +1,60 @@
+---
+timezone: Asia/Shanghai
+---
+
+
+# Sponge
+
+1. 自我介绍
+  Hi!大家好，我是Sponge，今年六月初剛開始學習區塊鏈、加密貨幣、Web3，最近剛好學完WTF Solidity的101、102，藉此機會再複習一次，希望能和大家一起持續學習!
+
+2. 你认为你会完成本次残酷学习吗？
+  一定可以的!!!!
+
+## Notes
+
+<!-- Content_START -->
+
+### 2024.09.23
+
+學習內容: 
+- A 系列的 Ethernaut CTF, 之前做了差不多了. POC: [ethernaut-foundry-solutions](https://github.com/SunWeb3Sec/ethernaut-foundry-solutions)
+- A 系列的 QuillAudit CTF 題目的網站關掉了, 幫大家收集了[題目](./Writeup/SunSec/src/QuillCTF/), 不過還是有幾題沒找到. 有找到題目的人可以在發出來.
+- A 系列的 DamnVulnerableDeFi 有持續更新, 題目也不錯. [Damn Vulnerable DeFi](https://github.com/theredguild/damn-vulnerable-defi/tree/v4.0.0).
+- 使用 [Foundry](https://book.getfoundry.sh/) 在本地解題目, 可以參考下面 RoadClosed 為例子
+- ``forge test --match-teat testRoadClosedExploit -vvvv``
+#### [QuillAudit CTF - RoadClosed](./Writeup/SunSec/src/QuillCTF/RoadClosed.sol)
+```
+  function addToWhitelist(address addr) public {
+    require(!isContract(addr), "Contracts are not allowed");
+    whitelistedMinters[addr] = true;
+  }
+
+  function changeOwner(address addr) public {
+    require(whitelistedMinters[addr], "You are not whitelisted");
+    require(msg.sender == addr, "address must be msg.sender");
+    require(addr != address(0), "Zero address");
+    owner = addr;
+  }
+
+  function pwn(address addr) external payable {
+    require(!isContract(msg.sender), "Contracts are not allowed");
+    require(msg.sender == addr, "address must be msg.sender");
+    require(msg.sender == owner, "Must be owner");
+    hacked = true;
+  }
+
+  function pwn() external payable {
+    require(msg.sender == pwner);
+    hacked = true;
+  }
+```
+- 解決這個題目需要成為合約的 owner 和 hacked = true.
+- On-chain: 可以透過 ``cast send`` 或是 forge script 來解.
+- Local: 透過 forge test 通常是在local解題, 方便 debug.
+- RoadClosed 為例子我寫了2個解題方式. testRoadClosedExploit 和 testRoadClosedContractExploit (因為題目有檢查msg.sender是不是合約, 所以可以透過constructor來繞過 isContract)
+- [POC](./Writeup/SunSec/test/QuillCTF/RoadClosed.t.sol) 
+
+### 
+
+<!-- Content_END -->