Initial commit

README.md

@@ -0,0 +1,115 @@
+# a-MAZE-X: A Smart Contract Security Capture the Flag Workshop
+
+![amazeXlogo](./img/amazeXlogo.png)
+
+Welcome to Secureum's a-MAZE-X challenge!
+
+Within this repository you will find:
+- the project's dependencies
+- the smart contract codes
+- tests scripts (written in `JS`)
+
+The smart contracts to be hacked are located within the `contracts` directy.
+
+Each challenge consists of a single `solidity` soruce file.
+
+Challenges are grouped in 3 different levels, and each challange awards different quantities of points to your score.
+
+## Beginner level
+
+I see, you are an aspiring group of security experts... Let's check if you know your A, B, Cs with these challenges ;)  
+
+### Challenge 1: SecureVault
+
+```
+We have deployed a secure vault protected with a secret private password seed and a random generated one.
+Can you guess the secret private password and drain all the locked funds?
+
+This challenge adds 1 ether to your score. 
+```
+
+>! In case you got stuck, check out [this link](https://ethereum.stackexchange.com/questions/115601/ethers-js-equivalent-for-web3-eth-getstorageat) and [this link](https://ethereum.stackexchange.com/questions/119990/how-to-mimic-abi-encodepacked-in-ethers).
+
+### Challenge 2: Weirdo
+
+
+```
+We have deployed a vault that will lock the founds forever, since it's protected with a tautology.
+If only there was a way to break it... 
+
+Anyways, it's a vault where funds are locked forever! HAHAHAH
+
+This challenge adds 1.1 ether to your score.
+```
+
+>! In case you got stuck, check out [this link]().
+
+
+### Challenge 3: TimeLock
+
+
+```
+This is yet another vault, but this time the funds are locked for a week.
+But you really need those funds now... Such a shame!!!
+
+This challenge adds 1.2 ether to your score.
+```
+
+>! In case you got stuck, check out [this link](https://forum.openzeppelin.com/t/guide-to-using-create2-sol-library-in-openzeppelin-contracts-2-5-to-deploy-a-vault-contract/2268).
+
+## Intermediate level
+
+If you didn't sweat with the previous 3 contracts, it's time to turn the heat up a bit!
+
+These contracts require more patience and attention to detail. Good luck security experts!
+
+### Challenge 4: Padlock
+
+```
+This is a padlock to be opened... If you can.
+Be careful, becuse if you're too hard with it, the padlock breaks!
+
+The password to open the first padlock is `activatexwormholemiami`,
+you will have to figure out how to open the remaining ones.
+
+This challenge adds 2 ether to your score.
+```
+
+>! In case you got stuck, check out [this link](https://www.tutorialspoint.com/solidity/solidity_conversions.htm).
+
+>! An additional hint is: If the compiler does not allow implicit conversion but you are confident a conversion will work, an explicit type conversion is sometimes possible. This may result in unexpected behaviour and allows you to bypass some security features of the compiler e.g. `int` to `uint`. If an integer is explicitly converted to a smaller type, higher-order bits are cut off. If an integer is explicitly converted to a larger type, it is padded on the left (i.e., at the higher order end). Fixed-size bytes types while explicitly converting to a smaller type and will cut off the bytes to the right. Fixed-size bytes types while explicitly converting to a larger type and will pad bytes to the right.
+
+### Challenge 5: BecomeMaster
+
+```
+This is a padlock to be opened... If you can.
+Be careful, becuse if you're too hard with it, the padlock breaks!
+
+The password to open the first padlock is `activatexwormholemiami`,
+you will have to figure out how to open the remaining ones.
+
+This challenge adds 2 ether to your score.
+```
+
+>! In case you got stuck, check out [this link](https://www.tutorialspoint.com/solidity/solidity_conversions.htm).
+
+
+## Advanced
+
+If you've gotten this far, you're are on the right track for becoming the next security superstars!
+
+This last challenge will be absolutely different to every challenge you've faced until now.
+
+Good luck!
+
+### Challenge 6: Vault
+
+```
+Yet another Vault...
+Some criminal you're following has locked their stolen fortune in the form of a bank's governance token.
+
+It is your mission to infiltrate the bank's governance, take over it and steal the criminal's money.
+That'll show them! Right?
+```
+
+>! In case you got stuck, check out [this link]() and [this link](https://hackernoon.com/hack-solidity-reentrancy-attack).

challenge-addresses.js

@@ -0,0 +1,9 @@
+module.exports = {
+    "user": "",
+    "N1SecureVault": "",
+    "N2Weirdo": "",
+    "N3TimeLock": "",
+    "N4Padlock": "",
+    "N5BecomeMaster": "",
+    "N6VaultChallenge": ""
+}

contracts/N1-SecureVault-easy.sol

@@ -0,0 +1,71 @@
+//SPDX-License-Identifier: MIT
+pragma solidity 0.8.0;
+
+//import "hardhat/console.sol";
+
+contract N1SecureVault {
+    // @notice This is the secret number, its value is safe because it's a private variable :P
+    uint256 private _secret;
+
+    event FundsRecovered(address indexed sender, uint256 amount);
+
+    /// @dev On creation, we setup a secret number to access the locked funds
+    constructor() payable {
+        require(
+            msg.value == 0.0001 ether,
+            "You must send 0.0001 ether to create the vault"
+        );
+        _secret =
+            uint256(
+                keccak256(
+                    abi.encodePacked(
+                        block.difficulty,
+                        block.timestamp,
+                        gasleft()
+                    )
+                )
+            ) %
+            31337;
+    }
+
+    /// @dev Owner can unlock funds using the secret number
+    function recoverFunds(uint256 _password) external payable {
+        require(
+            msg.value == 0.0001 ether,
+            "You must send 0.0001 ether to unlock the funds"
+        );
+
+        uint256 _balance = address(this).balance;
+
+        /*console.log("------ recoverFunds secret check -------");
+        console.log(
+            "password to match ",
+            uint256(keccak256(abi.encodePacked(_secret, _balance)))
+        );
+        console.log("_password         ", _password);*/
+
+        if (
+            _password == uint256(keccak256(abi.encodePacked(_secret, _balance)))
+        ) {
+            payable(msg.sender).transfer(_balance);
+            emit FundsRecovered(msg.sender, _balance);
+        }
+
+        // Security measure to prevent funds from being stolen
+        _secret =
+            uint256(
+                keccak256(
+                    abi.encodePacked(
+                        block.difficulty,
+                        block.timestamp,
+                        gasleft()
+                    )
+                )
+            ) %
+            31337;
+    }
+
+    fallback() external {}
+
+    receive() external payable {}
+}

contracts/N2-Weirdo-easy.sol

@@ -0,0 +1,27 @@
+//SPDX-License-Identifier: MIT
+pragma solidity 0.8.4;
+
+import "@openzeppelin/contracts/utils/Address.sol";
+
+contract N2Weirdo {
+    event FundsRecovered(address indexed sender, uint256 amount);
+
+    uint256 public balance;
+
+    constructor() payable {
+        require(
+            msg.value == 0.0001 ether,
+            "You must send 0.0001 ether to create the vault"
+        );
+        balance = address(this).balance;
+    }
+
+    /// @dev Funds are safely locked forever! muahahahaha
+    function recoverFunds() external {
+        uint256 _balance = address(this).balance;
+        require(balance != _balance, "This vault is locked");
+
+        payable(msg.sender).transfer(_balance);
+        emit FundsRecovered(msg.sender, _balance);
+    }
+}

contracts/N3-TimeLock-easy.sol

@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: MIT
+pragma solidity 0.6.12;
+
+contract N3TimeLock {
+    mapping(address => uint256) public balances;
+    mapping(address => uint256) public lockTime;
+
+    constructor() public payable {
+        require(
+            msg.value == 0.0001 ether,
+            "You must send 0.0001 ether to create the vault"
+        );
+    }
+
+    function deposit() public payable {
+        balances[tx.origin] += msg.value;
+        lockTime[tx.origin] = now + 1 weeks;
+    }
+
+    function increaseLockTime(uint256 _secondsToIncrease) public {
+        lockTime[tx.origin] += _secondsToIncrease;
+    }
+
+    function withdraw() public {
+        require(balances[tx.origin] > 0);
+        require(now > lockTime[tx.origin]);
+        msg.sender.transfer(balances[tx.origin]);
+        balances[tx.origin] = 0;
+    }
+}

contracts/hacks/N2-Weirdohack-easy.sol

@@ -0,0 +1,11 @@
+//SPDX-License-Identifier: MIT
+pragma solidity 0.8.4;
+
+// import "hardhat/console.log";
+
+contract N2WeirdoHack {
+
+  constructor(address target) payable {
+  // Complete with your own code
+  }
+}

contracts/hacks/N3-TimeLockhack-easy.sol

@@ -0,0 +1,14 @@
+//SPDX-License-Identifier: MIT
+pragma solidity 0.6.12;
+
+import "../N3-TimeLock-easy.sol";
+
+contract N3TimeLockHack {
+
+    N3TimeLock challenge;
+    // You can declare whatever you need, here
+
+    constructor(N3TimeLock _challenge, address _user) public {
+    // Complete this with your own code
+    }
+}

hardhat.config.js

@@ -0,0 +1,80 @@
+require("@nomiclabs/hardhat-waffle");
+require("@nomiclabs/hardhat-etherscan");
+require("dotenv").config();
+
+const ALCHEMY_API_KEY_MUMBAI = process.env.ALCHEMY_API_KEY_MUMBAI || "";
+const PRIVATE_KEY = process.env.PRIVATE_KEY || "";
+
+const TEAM_0 = process.env.TEAM_0 || "";
+
+// This is a sample Hardhat task. To learn how to create your own go to
+// https://hardhat.org/guides/create-task.html
+// npx hardhat accounts --network mumbai
+task("accounts", "Prints the list of accounts", async () => {
+  const accounts = await ethers.getSigners();
+
+  for (const account of accounts) {
+    console.log(account.address);
+  }
+});
+
+// You need to export an object to set up your config
+// Go to https://hardhat.org/config/ to learn more
+
+/**
+ * @type import('hardhat/config').HardhatUserConfig
+ */
+module.exports = {
+  solidity: {
+    compilers: [
+      {
+        version: '0.8.4',
+        settings: {
+          optimizer: {
+            enabled: true,
+            runs: 200,
+          },
+        },
+      },
+      {
+        version: '0.8.11',
+        settings: {
+          optimizer: {
+            enabled: true,
+            runs: 200,
+          },
+        },
+      },
+      {
+        version: '0.8.0',
+        settings: {
+          optimizer: {
+            enabled: true,
+            runs: 200,
+          },
+        },
+      },
+      {
+        version: '0.6.12',
+        settings: {
+          optimizer: {
+            enabled: true,
+            runs: 200,
+          },
+        },
+      },
+    ],
+  },
+  networks: {
+    mumbai: {
+      url: `https://polygon-mumbai.g.alchemy.com/v2/${ALCHEMY_API_KEY_MUMBAI}`,
+      accounts: [TEAM_0],
+    },
+    hardhat: {
+      forking: {
+        url: `https://polygon-mumbai.g.alchemy.com/v2/${ALCHEMY_API_KEY_MUMBAI}`
+      }
+    },
+  },
+};
+