From 8269cc3d15f39ac78a08daeb856ca6bd18483d85 Mon Sep 17 00:00:00 2001
From: YuChen <102439830+Dandelionlibra@users.noreply.github.com>
Date: Thu, 19 Sep 2024 10:22:01 +0800
Subject: [PATCH 1/3] Create Yuchen.md
---
Yuchen.md | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 119 insertions(+)
create mode 100644 Yuchen.md
diff --git a/Yuchen.md b/Yuchen.md
new file mode 100644
index 00000000..1e2b4d0a
--- /dev/null
+++ b/Yuchen.md
@@ -0,0 +1,119 @@
+---
+timezone: Asia/Shanghai
+---
+
+---
+
+1. 自我介绍
+大家好,我是Yuchen,目前就讀於資工系3年級,但在此前完全沒有學習過solidity,但一直想學習撰寫智慧合約並學習與區塊鏈相關的知識,希望透過此次機會與大家一起有規劃的學習:)。
+
+2. 你认为你会完成本次残酷学习吗?
+會,我會盡力在課業之外規劃時間進行學習,相信活動中設計的壓力也可以推動著我努力跟上大家的學習進度。
+
+## Notes
+
+
+
+### 2024.09.23
+
+學習內容:
+- A 系列的 Ethernaut CTF, 之前做了差不多了. POC: [ethernaut-foundry-solutions](https://github.com/SunWeb3Sec/ethernaut-foundry-solutions)
+- A 系列的 QuillAudit CTF 題目的網站關掉了, 幫大家收集了[題目](./Writeup/SunSec/src/QuillCTF/), 不過還是有幾題沒找到. 有找到題目的人可以在發出來.
+- A 系列的 DamnVulnerableDeFi 有持續更新, 題目也不錯. [Damn Vulnerable DeFi](https://github.com/theredguild/damn-vulnerable-defi/tree/v4.0.0).
+- 使用 [Foundry](https://book.getfoundry.sh/) 在本地解題目, 可以參考下面 RoadClosed 為例子
+- ``forge test --match-teat testRoadClosedExploit -vvvv``
+#### [QuillAudit CTF - RoadClosed](./Writeup/SunSec/src/QuillCTF/RoadClosed.sol)
+```
+ function addToWhitelist(address addr) public {
+ require(!isContract(addr), "Contracts are not allowed");
+ whitelistedMinters[addr] = true;
+ }
+
+ function changeOwner(address addr) public {
+ require(whitelistedMinters[addr], "You are not whitelisted");
+ require(msg.sender == addr, "address must be msg.sender");
+ require(addr != address(0), "Zero address");
+ owner = addr;
+ }
+
+ function pwn(address addr) external payable {
+ require(!isContract(msg.sender), "Contracts are not allowed");
+ require(msg.sender == addr, "address must be msg.sender");
+ require(msg.sender == owner, "Must be owner");
+ hacked = true;
+ }
+
+ function pwn() external payable {
+ require(msg.sender == pwner);
+ hacked = true;
+ }
+```
+- 解決這個題目需要成為合約的 owner 和 hacked = true.
+- On-chain: 可以透過 ``cast send`` 或是 forge script 來解.
+- Local: 透過 forge test 通常是在local解題, 方便 debug.
+- RoadClosed 為例子我寫了2個解題方式. 
testRoadClosedExploit 和 testRoadClosedContractExploit (因為題目有檢查msg.sender是不是合約, 所以可以透過constructor來繞過 isContract) +- [POC](./Writeup/SunSec/test/QuillCTF/RoadClosed.t.sol) + +--- +### 2024.09.24 + +--- +### 2024.09.25 + +--- +### 2024.09.26 + +--- +### 2024.09.27 + +--- +### 2024.09.28 + +--- +### 2024.09.30 + +--- +### 2024.10.01 + +--- +### 2024.10.02 + +--- +### 2024.10.03 + +--- +### 2024.10.04 + +--- +### 2024.10.05 + +--- +### 2024.10.07 + +--- +### 2024.10.08 + +--- +### 2024.10.09 + +--- +### 2024.10.10 + +--- +### 2024.10.11 + +--- +### 2024.10.12 + +--- +### 2024.10.14 + +--- +### 2024.10.15 + +--- +### 2024.10.16 + + + + From 13f59d89780492a332bfbdbd42c98a359ec964ec Mon Sep 17 00:00:00 2001 From: buttonwild <33722083+buttonwild@users.noreply.github.com> Date: Thu, 19 Sep 2024 10:43:13 +0800 Subject: [PATCH 2/3] Update Yuchen.md --- Yuchen.md | 103 +----------------------------------------------------- 1 file changed, 1 insertion(+), 102 deletions(-) diff --git a/Yuchen.md b/Yuchen.md index 1e2b4d0a..8e071798 100644 --- a/Yuchen.md +++ b/Yuchen.md @@ -3,6 +3,7 @@ timezone: Asia/Shanghai --- --- +#Yuchen 1. 自我介绍 大家好,我是Yuchen,目前就讀於資工系3年級,但在此前完全沒有學習過solidity,但一直想學習撰寫智慧合約並學習與區塊鏈相關的知識,希望透過此次機會與大家一起有規劃的學習:)。 
@@ -14,106 +15,4 @@ timezone: Asia/Shanghai -### 2024.09.23 - -學習內容: -- A 系列的 Ethernaut CTF, 之前做了差不多了. POC: [ethernaut-foundry-solutions](https://github.com/SunWeb3Sec/ethernaut-foundry-solutions) -- A 系列的 QuillAudit CTF 題目的網站關掉了, 幫大家收集了[題目](./Writeup/SunSec/src/QuillCTF/), 不過還是有幾題沒找到. 有找到題目的人可以在發出來. -- A 系列的 DamnVulnerableDeFi 有持續更新, 題目也不錯. [Damn Vulnerable DeFi](https://github.com/theredguild/damn-vulnerable-defi/tree/v4.0.0). -- 使用 [Foundry](https://book.getfoundry.sh/) 在本地解題目, 可以參考下面 RoadClosed 為例子 -- ``forge test --match-teat testRoadClosedExploit -vvvv`` -#### [QuillAudit CTF - RoadClosed](./Writeup/SunSec/src/QuillCTF/RoadClosed.sol) -``` - function addToWhitelist(address addr) public { - require(!isContract(addr), "Contracts are not allowed"); - whitelistedMinters[addr] = true; - } - - function changeOwner(address addr) public { - require(whitelistedMinters[addr], "You are not whitelisted"); - require(msg.sender == addr, "address must be msg.sender"); - require(addr != address(0), "Zero address"); - owner = addr; - } - - function pwn(address addr) external payable { - require(!isContract(msg.sender), "Contracts are not allowed"); - require(msg.sender == addr, "address must be msg.sender"); - require(msg.sender == owner, "Must be owner"); - hacked = true; - } - - function pwn() external payable { - require(msg.sender == pwner); - hacked = true; - } -``` -- 解決這個題目需要成為合約的 owner 和 hacked = true. -- On-chain: 可以透過 ``cast send`` 或是 forge script 來解. -- Local: 透過 forge test 通常是在local解題, 方便 debug. -- RoadClosed 為例子我寫了2個解題方式. 
testRoadClosedExploit 和 testRoadClosedContractExploit (因為題目有檢查msg.sender是不是合約, 所以可以透過constructor來繞過 isContract) -- [POC](./Writeup/SunSec/test/QuillCTF/RoadClosed.t.sol) - ---- -### 2024.09.24 - ---- -### 2024.09.25 - ---- -### 2024.09.26 - ---- -### 2024.09.27 - ---- -### 2024.09.28 - ---- -### 2024.09.30 - ---- -### 2024.10.01 - ---- -### 2024.10.02 - ---- -### 2024.10.03 - ---- -### 2024.10.04 - ---- -### 2024.10.05 - ---- -### 2024.10.07 - ---- -### 2024.10.08 - ---- -### 2024.10.09 - ---- -### 2024.10.10 - ---- -### 2024.10.11 - ---- -### 2024.10.12 - ---- -### 2024.10.14 - ---- -### 2024.10.15 - ---- -### 2024.10.16 - - - From d24806b14de443375e9999ab48bb5624f97ba06d Mon Sep 17 00:00:00 2001 From: buttonwild <33722083+buttonwild@users.noreply.github.com> Date: Thu, 19 Sep 2024 10:43:52 +0800 Subject: [PATCH 3/3] Update Yuchen.md --- Yuchen.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Yuchen.md b/Yuchen.md index 8e071798..2a3c631c 100644 --- a/Yuchen.md +++ b/Yuchen.md @@ -3,7 +3,7 @@ timezone: Asia/Shanghai --- --- -#Yuchen +# Yuchen 1. 自我介绍 大家好,我是Yuchen,目前就讀於資工系3年級,但在此前完全沒有學習過solidity,但一直想學習撰寫智慧合約並學習與區塊鏈相關的知識,希望透過此次機會與大家一起有規劃的學習:)。