These are my solutions (6/10) to the Oak Security CosmWasm CTF challenges. Each solution is in the test_exploit
function of the corresponding challenge's integration tests. All credit for developing the challenge ideas and infrastructure goes to the original creators.
Crack all our challenges and show the community that you know your way around security, either as an auditor or as a security-minded developer! This CTF was run as a live event during AwesomWasm 2023; for information about the event, check this other file.
Follow us on Twitter at @SecurityOak to receive the latest news on Cosmos security and fresh audit reports.
To get started with the challenges, please go to the main branch. The 10 challenges follow no particular difficulty order: number 1 is not necessarily easier than number 10, or vice versa. Each of them showcases a different security issue or exploitation technique that we encounter during our security audits.
1. Mjolnir
2. Gungnir
3. Laevateinn
4. Gram
5. Draupnir
6. Hofund
7. Tyrfing
8. Gjallarhorn
9. Brisingamen
10. Mistilteinn
After you have given your best to solve each of the challenges, we encourage you to create an "audit-like" report. You can follow this template or any other that you consider suitable.
Your results are ready now! We have published our own writeups so you can compare and check whether your solutions are correct. Please visit:
In addition:
- To view the proof of concept for the challenges, please visit the `poc-exploit` branch. The proof of concept is written as an `exploit()` test case and can be found in the `exploit.rs` file.
- To view the fixed versions of the challenges, please visit the `fixed` branch. All proof of concept test cases are prefixed with `#[ignore="bug is patched"]`, so they will not be automatically executed when running `cargo test`.
- Navigate into the challenge folder: `cd ctf-01/`
- Run the tests: `cargo test`
Just open an issue in this repository to get an answer from our team.