From e995d7ee72187383be8d0b1b39431657ed9853f1 Mon Sep 17 00:00:00 2001
From: Ye <sheohun@gmail.com>
Date: Sun, 15 Sep 2024 11:31:01 -0700
Subject: [PATCH] Create wyeeeh.md

Registration @wyeeeh
---
 wyeeeh.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 wyeeeh.md

diff --git a/wyeeeh.md b/wyeeeh.md
new file mode 100644
index 00000000..302dccee
--- /dev/null
+++ b/wyeeeh.md
@@ -0,0 +1,60 @@
+---
+timezone: America/Los_Angeles
+---
+
+
+# Ye
+
+1. 自我介绍
+     - 清华-南加大 Communication Data Science 25'硕士在读，链上数据分析2年经验，Dune [@wyeeeh](https://dune.com/wyeeeh)。因为对链上数据的分析离不开合约解析，希望通过共学计划掌握Solidity的基础开发知识，能更好读懂合约的function和event。
+
+2. 你认为你会完成本次残酷学习吗？
+   - 有激励就有野心，之前完成过Sixdegree Lab和BuidlerDAO发起的Dune Analytics共学计划。
+   
+## Notes
+
+<!-- Content_START -->
+
+### 2024.09.23
+
+學習內容: 
+- A 系列的 Ethernaut CTF, 之前做了差不多了. POC: [ethernaut-foundry-solutions](https://github.com/SunWeb3Sec/ethernaut-foundry-solutions)
+- A 系列的 QuillAudit CTF 題目的網站關掉了, 幫大家收集了[題目](./Writeup/SunSec/src/QuillCTF/), 不過還是有幾題沒找到. 有找到題目的人可以在發出來.
+- A 系列的 DamnVulnerableDeFi 有持續更新, 題目也不錯. [Damn Vulnerable DeFi](https://github.com/theredguild/damn-vulnerable-defi/tree/v4.0.0).
+- 使用 [Foundry](https://book.getfoundry.sh/) 在本地解題目, 可以參考下面 RoadClosed 為例子
+- ``forge test --match-teat testRoadClosedExploit -vvvv``
+#### [QuillAudit CTF - RoadClosed](./Writeup/SunSec/src/QuillCTF/RoadClosed.sol)
+```
+  function addToWhitelist(address addr) public {
+    require(!isContract(addr), "Contracts are not allowed");
+    whitelistedMinters[addr] = true;
+  }
+
+  function changeOwner(address addr) public {
+    require(whitelistedMinters[addr], "You are not whitelisted");
+    require(msg.sender == addr, "address must be msg.sender");
+    require(addr != address(0), "Zero address");
+    owner = addr;
+  }
+
+  function pwn(address addr) external payable {
+    require(!isContract(msg.sender), "Contracts are not allowed");
+    require(msg.sender == addr, "address must be msg.sender");
+    require(msg.sender == owner, "Must be owner");
+    hacked = true;
+  }
+
+  function pwn() external payable {
+    require(msg.sender == pwner);
+    hacked = true;
+  }
+```
+- 解決這個題目需要成為合約的 owner 和 hacked = true.
+- On-chain: 可以透過 ``cast send`` 或是 forge script 來解.
+- Local: 透過 forge test 通常是在local解題, 方便 debug.
+- RoadClosed 為例子我寫了2個解題方式. testRoadClosedExploit 和 testRoadClosedContractExploit (因為題目有檢查msg.sender是不是合約, 所以可以透過constructor來繞過 isContract)
+- [POC](./Writeup/SunSec/test/QuillCTF/RoadClosed.t.sol) 
+
+### 
+
+<!-- Content_END -->