add challenges

Author: massun-onibakuchi

.env.example

@@ -25,4 +25,5 @@ hardhat-dependency-compiler/
 coverage
 coverage.json
 
-hints.md
+hints.md
+answer/

.gitignore

@@ -1,45 +1,43 @@
-# Smart Contracts Vulns Hacking
+# Sol Challenge
 
-## Getting Started
+CTF-Like Challenges of smart contracts
 
-### Setup
+## Installing
 
-`yarn`
+### Prerequisites
 
-To run testing on the forking main net, set the APIKEY and mnemonic.
-you need access to an archive node like the free ones from [Alchemy](https://alchemyapi.io/).
-```
-ALCHEMY_API_KEY=
-MNEMONIC=
-BLOCK_NUMBER=
-FORK=false
-```
+- node
+- yarn
 
-### Compiling
+## Setup
 
-`yarn compile`
+Type on a terminal:
+
+```bash
+yarn
+```
 
-### Replaying hack
+### Compiling
 
-The hacks are implemented as hardhat tests and can therefore be run as:
+Type:
 
-`yarn hardhat test test/<name>.ts`
+```bash
+yarn compile
+```
 
-### Debugging transactions with tenderly
+### Testing & Running Challenges
 
-Set up `tenderly.yaml` in the repo root and follow [this article](http://blog.tenderly.co/level-up-your-smart-contract-productivity-using-hardhat-and-tenderly/).
+1. Copy this [template](./test/test.test.ts) to `./test/<*Challenge>.test.ts` file.
+2. Each `<*Challenge.sol>` file contains a description of the challenge.
+3. you solve challenges. write tests to prove the solution works correctly.
 
-TLDR:
+Type:
 
 ```bash
-# run this in second terminal
-npx hardhat node
 # run test against local network
-npx hardhat test test/foo.js --network local
-# you want an actual tx id which means the tx may not fail in eth_estimateGas already
-# therefore hardcode some gas values
-# {value: ethers.utils.parseEther(`100`), gasLimit: `15000000`, gasPrice: ethers.utils.parseUnits(`200`, 9) }
-# the (failed) tx hash appears on the CLI after "eth_sendTransaction"
-# --force is required to skip gas estimation check in tenderly
-tenderly export <txHash> --force
-```
+yarn test test/<*Challenge>.test.ts
+```
+
+### About this challenges
+
+[Slide [ja]](https://docs.google.com/presentation/d/17FKtVC1S29WFnQjq92_SiqGIS6EGuslHsUfuNv-NlXU/edit?usp=sharing)

README.md

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+pragma solidity 0.8.10;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+import "@openzeppelin/contracts/utils/Address.sol";
+import "./Batchable.sol";
+
+/// @notice Challenge Description
+/// BankCoin is permission-less token. Drain the balance of deposited ETH.
+contract Bank is ERC20("BankCoin", "BANK"), Batchable {
+    function deposit() external payable {
+        _mint(msg.sender, msg.value);
+    }
+
+    function depositTo(address account) external payable {
+        _mint(account, msg.value);
+    }
+
+    function withdraw(uint256 amount) external {
+        _burn(msg.sender, amount);
+        Address.sendValue(payable(msg.sender), amount);
+    }
+
+    function withdrawFrom(address account, uint256 amount) external {
+        uint256 currentAllowance = allowance(account, msg.sender);
+        require(
+            currentAllowance >= amount,
+            "ERC20: withdraw amount exceeds allowance"
+        );
+        unchecked {
+            _approve(account, msg.sender, currentAllowance - amount);
+        }
+        _burn(account, amount);
+        Address.sendValue(payable(msg.sender), amount);
+    }
+}
+
+contract BankChallenge {
+    Bank public bank;
+
+    constructor() payable {
+        require(msg.value >= 1 ether, "rule: send some ether");
+
+        bank = new Bank();
+        bank.deposit{ value: msg.value }();
+    }
+
+    function isSolved() public view returns (bool) {
+        return address(bank).balance == 0;
+    }
+}

contracts/accounts/BankChallenge.sol

@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.10;
+
+/// @dev The batch function works by making multiple DELEGATECALLs to itself.
+/// @notice reference: sushiswap Miso https://github.com/sushiswap/miso/blob/44b51769b614826c50d8f5c55cb60094fa1c7bad/contracts/Utils/BoringBatchable.sol
+abstract contract Batchable {
+    /// @dev Helper function to extract a useful revert message from a failed call.
+    /// If the returned data is malformed or not correctly abi encoded then this call can fail itself.
+    function _getRevertMsg(bytes memory _returnData)
+        internal
+        pure
+        returns (string memory)
+    {
+        // If the _res length is less than 68, then the transaction failed silently (without a revert message)
+        if (_returnData.length < 68) return "Transaction reverted silently";
+
+        assembly {
+            // Slice the sighash.
+            _returnData := add(_returnData, 0x04)
+        }
+        return abi.decode(_returnData, (string)); // All that remains is the revert string
+    }
+
+    /// @notice Allows batched call to self (this contract).
+    /// @param calls An array of inputs for each call.
+    /// @param revertOnFail If True then reverts after a failed call and stops doing further calls.
+    /// @return successes An array indicating the success of a call, mapped one-to-one to `calls`.
+    /// @return results An array with the returned data of each function call, mapped one-to-one to `calls`.
+    function batch(bytes[] calldata calls, bool revertOnFail)
+        external
+        payable
+        returns (bool[] memory successes, bytes[] memory results)
+    {
+        successes = new bool[](calls.length);
+        results = new bytes[](calls.length);
+        for (uint256 i = 0; i < calls.length; i++) {
+            (bool success, bytes memory result) = address(this).delegatecall(
+                calls[i]
+            );
+            require(success || !revertOnFail, _getRevertMsg(result));
+            successes[i] = success;
+            results[i] = result;
+        }
+    }
+}

contracts/accounts/Batchable.sol

@@ -0,0 +1,29 @@
+// SPDX-License-Identifier:GPL-3.0-or-later
+pragma solidity 0.8.10;
+
+/// @notice Challenge Description
+/// This vault allows anyone to withdraw deposited ether freely.
+/// You can get money for free
+contract OpenVaultChallenge {
+    bool public isSolved;
+
+    constructor() payable {
+        require(msg.value >= 1, "rule: send at least one wei");
+    }
+
+    function withdraw() external {
+        require(
+            tx.origin != msg.sender,
+            "tx.origin is not equal to msg.sender"
+        );
+        require(!isContract(msg.sender), "invalid sender");
+
+        payable(msg.sender).transfer(address(this).balance);
+
+        isSolved = true;
+    }
+
+    function isContract(address _account) public view returns (bool) {
+        return _account.code.length > 0;
+    }
+}

contracts/accounts/OpenValutChallenge.sol

@@ -0,0 +1,15 @@
+// SPDX-License-Identifier:GPL-3.0-or-later
+pragma solidity 0.7.6;
+
+/// @notice Challenge Description
+/// Make `isSolved` true
+contract WeirdVaultChallenge {
+    bool public isSolved;
+
+    function complete() external {
+        require(address(this).balance != 0, "balance zero");
+        payable(msg.sender).transfer(address(this).balance);
+
+        isSolved = true;
+    }
+}

contracts/accounts/WeirdVaultChallenge.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier:GPL-3.0-or-later
+pragma solidity 0.7.6;
+
+/// @notice Challenge Description
+/// Guess two numbers which satisfy conditions.
+contract GuessTheNumberChallenge {
+    bool public isSolved;
+    uint256 public MAX_UINT256 = uint256(-1);
+
+    function input(uint256 a, uint256 b) external {
+        if (a == (b + 1000) && b > a) {
+            isSolved = true;
+        }
+    }
+
+    function hint() external view returns (uint256) {
+        return MAX_UINT256 + 1;
+    }
+}

contracts/math/GuessTheNumberChallenge.sol

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+contract ERC20Mock is ERC20 {
+    // solhint-disable-next-line no-empty-blocks
+    constructor(string memory name, string memory symbol) ERC20(name, symbol) {}
+
+    function mint(address account, uint256 amount) external {
+        _mint(account, amount);
+    }
+
+    function burn(address account, uint256 amount) external {
+        _burn(account, amount);
+    }
+}

contracts/mocks/ERC20Mock.sol

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.8.10;
+
+import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
+
+/// @title WETH9 Mock: https://etherscan.io/address/0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2
+///        WETH9 does not emit `Transfer` events when deposit/withdraw methods are called. but this mock does
+contract WETHMock is ERC20("Wrapped ETH", "WETH") {
+    event Deposit(address indexed dst, uint256 wad);
+    event Withdrawal(address indexed src, uint256 wad);
+
+    /// @dev Original WETH9 implements `fallback` function instead of `receive` function due to a earlier solidity version
+    fallback() external payable {
+        deposit();
+    }
+
+    function deposit() public payable {
+        _mint(msg.sender, msg.value);
+        emit Deposit(msg.sender, msg.value);
+    }
+
+    function withdraw(uint256 wad) public {
+        require(balanceOf(msg.sender) >= wad, "weth: insufficient balance");
+
+        _burn(msg.sender, wad);
+        (bool success, ) = msg.sender.call{ value: wad }("");
+        require(success, "weth: failed");
+
+        emit Withdrawal(msg.sender, wad);
+    }
+}

contracts/mocks/WETHMock.sol

@@ -0,0 +1,86 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+pragma solidity 0.8.10;
+
+import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
+
+/// @notice Challenge Description
+/// You can mint awesome nfts. but the nft contract limits the number of nft you can buy at a time. Mint at least 100 nfts within one transaction.
+interface INft {
+    function mint(uint256 numberOfNfts) external payable;
+
+    function getNFTPrice() external returns (uint256 price);
+}
+
+contract Nft is INft, ERC721("Awesome NFT", "AWESOMENFT") {
+    uint256 private constant MAX_NFT_SUPPLY = 1_000;
+    uint256 private constant ONE_ETHER = 1e18;
+
+    uint256 public totalSupply;
+
+    address public owner;
+
+    address public pendingOwner;
+
+    function mint(uint256 numberOfNfts) public payable override {
+        uint256 _totalSupply = totalSupply;
+
+        require(numberOfNfts > 0, "numberOfNfts cannot be 0");
+        require(
+            numberOfNfts <= 30,
+            "You may not buy more than 30 NFTs at once"
+        );
+        require(
+            _totalSupply + numberOfNfts <= MAX_NFT_SUPPLY,
+            "Exceeds MAX_NFT_SUPPLY"
+        );
+        require(
+            getNFTPrice() * numberOfNfts == msg.value,
+            "Ether value sent is not correct"
+        );
+
+        for (uint256 i; i < numberOfNfts; i++) {
+            uint256 tokenId = totalSupply;
+            _safeMint(msg.sender, tokenId);
+        }
+    }
+
+    function getNFTPrice() public view override returns (uint256 price) {
+        price = ONE_ETHER / MAX_NFT_SUPPLY;
+    }
+
+    // transfer ownership to a new address
+    function transferOwnership(address newOwner) public {
+        require(msg.sender == owner);
+
+        pendingOwner = newOwner;
+    }
+
+    // accept the ownership transfer
+    function acceptOwnership() public {
+        require(msg.sender == pendingOwner);
+
+        owner = pendingOwner;
+        pendingOwner = address(0);
+    }
+
+    function _beforeTokenTransfer(
+        address from,
+        address to,
+        uint256
+    ) internal override {
+        if (from == address(0)) {
+            totalSupply += 1;
+        }
+        if (to == address(0)) {
+            totalSupply -= 1;
+        }
+    }
+}
+
+contract NftSaleChallenge {
+    Nft public immutable token;
+
+    constructor() {
+        token = new Nft();
+    }
+}