-
Notifications
You must be signed in to change notification settings - Fork 119
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Registration @wyeeeh
- Loading branch information
Showing
1 changed file
with
60 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
--- | ||
timezone: America/Los_Angeles | ||
--- | ||
|
||
|
||
# Ye | ||
|
||
1. 自我介绍 | ||
- 清华-南加大 Communication Data Science 25'硕士在读,链上数据分析2年经验,Dune [@wyeeeh](https://dune.com/wyeeeh)。因为对链上数据的分析离不开合约解析,希望通过共学计划掌握Solidity的基础开发知识,能更好读懂合约的function和event。 | ||
|
||
2. 你认为你会完成本次残酷学习吗? | ||
- 有激励就有野心,之前完成过Sixdegree Lab和BuidlerDAO发起的Dune Analytics共学计划。 | ||
|
||
## Notes | ||
|
||
<!-- Content_START --> | ||
|
||
### 2024.09.23 | ||
|
||
學習內容: | ||
- A 系列的 Ethernaut CTF, 之前做了差不多了. POC: [ethernaut-foundry-solutions](https://github.com/SunWeb3Sec/ethernaut-foundry-solutions) | ||
- A 系列的 QuillAudit CTF 題目的網站關掉了, 幫大家收集了[題目](./Writeup/SunSec/src/QuillCTF/), 不過還是有幾題沒找到. 有找到題目的人可以在發出來. | ||
- A 系列的 DamnVulnerableDeFi 有持續更新, 題目也不錯. [Damn Vulnerable DeFi](https://github.com/theredguild/damn-vulnerable-defi/tree/v4.0.0). | ||
- 使用 [Foundry](https://book.getfoundry.sh/) 在本地解題目, 可以參考下面 RoadClosed 為例子 | ||
- ``forge test --match-teat testRoadClosedExploit -vvvv`` | ||
#### [QuillAudit CTF - RoadClosed](./Writeup/SunSec/src/QuillCTF/RoadClosed.sol) | ||
``` | ||
function addToWhitelist(address addr) public { | ||
require(!isContract(addr), "Contracts are not allowed"); | ||
whitelistedMinters[addr] = true; | ||
} | ||
function changeOwner(address addr) public { | ||
require(whitelistedMinters[addr], "You are not whitelisted"); | ||
require(msg.sender == addr, "address must be msg.sender"); | ||
require(addr != address(0), "Zero address"); | ||
owner = addr; | ||
} | ||
function pwn(address addr) external payable { | ||
require(!isContract(msg.sender), "Contracts are not allowed"); | ||
require(msg.sender == addr, "address must be msg.sender"); | ||
require(msg.sender == owner, "Must be owner"); | ||
hacked = true; | ||
} | ||
function pwn() external payable { | ||
require(msg.sender == pwner); | ||
hacked = true; | ||
} | ||
``` | ||
- 解決這個題目需要成為合約的 owner 和 hacked = true. | ||
- On-chain: 可以透過 ``cast send`` 或是 forge script 來解. | ||
- Local: 透過 forge test 通常是在local解題, 方便 debug. | ||
- RoadClosed 為例子我寫了2個解題方式. testRoadClosedExploit 和 testRoadClosedContractExploit (因為題目有檢查msg.sender是不是合約, 所以可以透過constructor來繞過 isContract) | ||
- [POC](./Writeup/SunSec/test/QuillCTF/RoadClosed.t.sol) | ||
|
||
### | ||
|
||
<!-- Content_END --> |