
Commit 1f46823

committed
init
0 parents  commit 1f46823

13 files changed

Lines changed: 313 additions & 0 deletions

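--- a/.env-template
+++ b/.env-template
@@ -0,0 +1,12 @@
+# If you have a certain CTF URL
+export CTF_URL=https://...
+
+# My local erigon node rpc
+export ERIGON_URL=http://127.0.0.1:8545
+
+# I run anvil with:
+# anvil --accounts 1 --fork-url $ERIGON_URL -p 8546;
+export ANVIL_URL=http://127.0.0.1:8546
+
+# Anvil default key 1
+export PRIVATE_KEY_1=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80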
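Review bot: The `PRIVATE_KEY_1` line carries what its comment calls the Anvil default key, but nothing tells a reader that this value is publicly known and only safe on the local fork. I would extend the comment to `# Anvil default key (publicly known) - local fork only, never fund or reuse on a live network`. If a real key is ever needed for `CTF_URL`, it belongs only in the untracked `.env`, never in this template. The Script command documented in script/ScriptTemplate.s.sol passes the key with `--private-key`, which exposes it to shell history and process listings, so that form is acceptable for the public dev key only.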

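--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,11 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*
+/broadcast/*/31337/
+
+# Security
+.env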
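Review bot: `/broadcast/*` already ignores every entry under `broadcast/`, so the following `/broadcast/*/31337/` rule can never match anything new and `!/broadcast` has nothing to re-include. The comment `# Ignores development broadcast logs` therefore understates the effect, since logs for every chain id are ignored. If that is the intent, keep only `/broadcast/*` and reword the comment to `# Ignore all broadcast logs`. Under `# Security`, only the exact name `.env` is covered; adding `.env.*` would also keep variants such as `.env.local` out of the repository.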

README.md

Whitespace-only changes.

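--- a/copy_challenge.sh
+++ b/copy_challenge.sh
@@ -0,0 +1,25 @@
+#! /usr/bin/env bash
+
+# Make this file executable:
+# chmod +x copy_challenge.sh
+# Use this file as so:
+# ./copy_challenge.sh NewChallengeName
+
+# Change to your absolute ctf directory
+preamble=/home/plotchy/code/ctf/CTF-Setup
+
+cp $preamble/test/TestTemplate.t.sol $preamble/test/$1.t.sol
+cp $preamble/script/ScriptTemplate.s.sol $preamble/script/$1.s.sol
+
+mkdir -p $preamble/src/$1/public/contracts
+cp -r $preamble/src/chal_name/public/contracts/Exploit.sol $preamble/src/$1/public/contracts/Exploit.sol
+
+sed -i "s/chal_name/$1/g" $preamble/test/$1.t.sol
+sed -i "s/TestTemplate/$1/g" $preamble/test/$1.t.sol
+sed -i "s/ScriptTemplate/$1/g" $preamble/test/$1.t.sol
+
+sed -i "s/chal_name/$1/g" $preamble/script/$1.s.sol
+sed -i "s/TestTemplate/$1/g" $preamble/script/$1.s.sol
+sed -i "s/ScriptTemplate/$1/g" $preamble/script/$1.s.sol
+
+sed -i "s/chal_name/$1/g" $preamble/src/$1/public/contracts/Exploit.sol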
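Review bot: `$1` is used unvalidated and unquoted in every `cp`, `mkdir` and `sed` line. A missing argument creates `test/.t.sol` and replaces the template names in the copies with empty strings, while a name containing `/`, `&`, spaces or `..` breaks the sed expressions or writes outside the intended directories. The script should stop on the first error and accept only identifier characters before it touches any file, then use the checked value with quoted paths throughout. `cp` also overwrites an existing challenge of the same name without asking; `cp -n` would avoid that.

```shell
set -euo pipefail

# The name is used as a file name, a Solidity identifier and a sed
# replacement, so accept identifier characters only.
name="${1:-}"
if [[ ! "$name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    echo "usage: ./copy_challenge.sh NewChallengeName" >&2
    exit 1
fi

# … unchanged: preamble assignment …

cp "$preamble/test/TestTemplate.t.sol" "$preamble/test/$name.t.sol"
# … unchanged: remaining cp/mkdir/sed lines, with "$name" and quoted paths …
```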

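--- a/foundry.toml
+++ b/foundry.toml
@@ -0,0 +1,7 @@
+[profile.default]
+src = 'src'
+out = 'out'
+libs = ['lib']
+ffi = true
+
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config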
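Review bot: `ffi = true` sits in `[profile.default]`, so every `forge test` and `forge script` run in this repository lets Solidity code execute host commands through `vm.ffi`, including challenge contracts copied in from a CTF and anything under `lib`. As far as this commit shows, only `etkLoad()` in script/ScriptTemplate.s.sol needs it. I would remove the line from the default profile and add a separate `[profile.ffi]` section containing `ffi = true`, selected with `FOUNDRY_PROFILE=ffi` for the runs that load ETK code. A comment next to the setting should state why it is enabled.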

remappings.txt

Whitespace-only changes.

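--- a/script/ScriptTemplate.s.sol
+++ b/script/ScriptTemplate.s.sol
@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.13;
+import "forge-std/Script.sol";
+import "../src/chal_name/public/contracts/Setup.sol";
+import "../src/chal_name/public/contracts/Exploit.sol";
+
+bytes constant SIXTY_FOUR_ZEROS = "0000000000000000000000000000000000000000000000000000000000000000"; // ctrlc+v on handcrafted calldata
+address constant CREATE2_FACTORY = 0x4e59b44847b379578588920cA78FbF26c0B4956C;
+/*
+Commands:
+# Testing command
+forge test --mp ./test/TestTemplate.t.sol --mc Tester --fork-url $ANVIL_URL -vvvvv
+
+# Debug command
+forge test --mp ./test/TestTemplate.t.sol --mc Tester --debug <function> --fork-url $ANVIL_URL
+
+# Script command
+forge script script/ScriptTemplate.s.sol:Scripter --rpc-url $ANVIL_URL --private-key $PRIVATE_KEY_1 --broadcast -vvvvv
+
+# Debug broadcasted tx:
+cast run <TXHASH> -d --rpc-url $ANVIL_URL
+
+# Exploratory
+forge inspect <path>:<ContractName> storage --pretty
+https://ethervm.io/decompile
+https://library.dedaub.com/decompile
+panoramix <bytecode>
+*/
+contract Scripter is Script {
+
+Challenge challenge;
+address payable challengeAddress;
+address payable setupAddress;
+address payable exploitAddress;
+function setUp() public {}
+
+function run() external {
+vm.startBroadcast();
+
+Setup setup = new Setup{value: 100 ether}();
+setupAddress = payable(address(setup));
+challenge = setup.challenge();
+challengeAddress = payable(address(challenge));
+
+Exploit exploit = new Exploit{value: 100 ether}(setup, challenge);
+exploitAddress = payable(address(exploit));
+exploit.finalize();
+
+// // alternatively use etk code as exploit
+// bytes memory etkCode = etkLoad();
+// address _addr;
+// assembly {
+// _addr := create(0, add(initcode, 0x20), mload(initcode))
+// }
+// exploitAddress = address(_addr);
+
+vm.stopBroadcast();
+}
+
+
+function etkLoad() public returns (bytes memory etkCode){
+// Helper function to load handcrafted EVM code from a file.
+// typically used as:
+//
+// bytes memory etkCode = etkLoad();
+// vm.etch(someAddress, etkCode);
+// someAddress.call(hex"69696969");
+
+string[] memory inputs = new string[](2);
+// /**
+// * windows: scripts/compile.bat
+// * linux : scripts/compile.sh
+// */
+inputs[0] = "./script/compile.sh";
+
+// // path/to/contract.etk
+inputs[1] = "./src/chal_name/public/contracts/exploit.etk";
+
+etkCode = vm.ffi(inputs);
+}
+
+}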
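Review bot: The commented-out ETK alternative in `run()` will not compile once it is uncommented: it loads the code into `etkCode` but the `create` line reads `initcode`, and `address(_addr)` cannot be assigned to the `address payable` field `exploitAddress`. The two lines should read `// _addr := create(0, add(etkCode, 0x20), mload(etkCode))` and `// exploitAddress = payable(_addr);`. `create` yields the zero address on failure, so the template should also carry `// require(_addr != address(0), "create failed");` before the assignment. `SIXTY_FOUR_ZEROS` and `CREATE2_FACTORY` are declared but not referenced anywhere in this file, and a one-line comment on each stating its purpose would help.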

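--- a/script/compile.sh
+++ b/script/compile.sh
@@ -0,0 +1,3 @@
+#! /usr/bin/env bash
+
+echo "0x$(eas $1)"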
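Review bot: `echo "0x$(eas $1)"` exits 0 even when `eas` is missing or fails, so `vm.ffi` in `etkLoad()` presumably receives a bare `0x` and the caller carries on with empty bytecode instead of stopping. `$1` is also unquoted, so a path containing spaces or glob characters is split before it reaches `eas`. Capturing the output first lets the failure propagate: `set -euo pipefail`, then `code="$(eas "$1")"`, then `echo "0x$code"`.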
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
//SPDX-License-Identifier: MIT
2+
pragma solidity ^0.8.4;
3+
// dummy for no import errors
4+
contract Challenge {}
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
//SPDX-License-Identifier: MIT
2+
pragma solidity ^0.8.4;
3+
4+
import './Setup.sol';
5+
import './Challenge.sol';
6+
contract Exploit {
7+
8+
Setup public setup;
9+
address payable public setupAddress;
10+
Challenge public challenge;
11+
address payable public challengeAddress;
12+
13+
14+
constructor(Setup _setup, Challenge _challenge) payable {
15+
setup = _setup;
16+
setupAddress = payable(address(setup));
17+
challenge = _challenge;
18+
challengeAddress = payable(address(challenge));
19+
}
20+
21+
function finalize() external {
22+
23+
}
24+
25+
function checkSolved() public view returns(bool) {
26+
return setup.isSolved();
27+
}
28+
29+
fallback() external payable {
30+
31+
}
32+
}
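Review bot: `fallback() external payable {}` is declared without a `receive()` function, which solc reports as a warning and which sends plain ether transfers through the fallback. If the template is meant to accept ether, add `receive() external payable {}` next to it. `finalize()` is `external` with no caller check, so once its body is filled in any account can trigger it; storing `owner = msg.sender` in the constructor and starting `finalize()` with `require(msg.sender == owner);` would restrict it to the deployer.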
