chainflag / solidctf Goto Github PK

View Code? Open in Web Editor NEW

126.0 126.0 16.0 620 KB

SolidCTF is an infrastructure solution that simplifies the build of Solidity CTF challenges.

License: MIT License

Python 57.96% Dockerfile 5.02% Shell 7.78% Makefile 1.48% JavaScript 17.87% CSS 4.79% HTML 5.10%

blockchain ctf solidity-ctf

solidctf's People

Contributors

Stargazers

Watchers

Forkers

ainevsia xhyumiracle codingsafe hitcxy monsef-noubadji w0wpolaris pinkdiamond1 t0hka1 vvbbnn00 badboy3000 chen4903 movebit 0xgoerlimainnet 0xoutofgas

solidctf's Issues

Change docker port

how can I change port "8545" on my server

401 Client Error: Unauthorized for url

Hi, I'm struggling from deploying example contract with your PoA geth private Network.

I got an error as below when I tried to deploy the contract.

$ nc 172.x.x.x 20000

We design a pretty easy contract challenge. Enjoy it!
Your goal is to make isSolved() function returns true!

[1] - Create an account which will be used to deploy the challenge contract
[2] - Deploy the challenge contract using your generated account
[3] - Get your flag once you meet the requirement
[4] - Show the contract source code
[-] input your choice: 2
[-] input your token: v4.local.bFdMp90mn5dSUcQGMymwkCr2_TO5tTxc~~
401 Client Error: Unauthorized for url: http://172.x.x.x:8545/

Steps to reproduce:

Following the steps in the /geth directory to make an account and a genesis block, and running docker-compose up to start PoA geth private network.
Run docker run -it -p 20000:20000 -e WEB3_PROVIDER_URI=http://172.x.x.x:8545 chainflag/eth-challenge-base
Connect to the challenge server like nc 172.x.x.x 20000
Create an account and request 1ETH in the facuet
Select 2 to deploy a new contract and got an error

So I checked the tcp packet and there was an 401 error since eth_getBlockByNumber was not whitelisted.

Please let me know if I missed anything or if there are any other logs that you need.

Challenge contract deployment action seems to fail without trace

Hello again!

I seem to have a few issues regarding the deployment of my contract with the image from https://github.com/chainflag/ctf-eth-env.

When I deploy my contract and I use web3.eth.getCode() in the geth console, the contract seems to have failed to deploy, since the returned value is 0x:

$ nc 127.0.0.1 20000                                                                                                                                                  

We design a pretty easy contract challenge. Enjoy it!
Your goal is to make isSolved() function returns true!

[1] - Create an account which will be used to deploy the challenge contract
[2] - Deploy the challenge contract using your generated account
[3] - Get your flag once you meet the requirement
[4] - Show the contract source code
[-] input your choice: 2
[-] input your token: v4.local.oTuLapGiLip4sN8Xeq4ybs4I7mSrjqBDcBpWfbvG52pLza7_ApYZFTVE5I8Iim2_6ghuVcEfhtsqWMJZtelJYd5xYvw0snfi3QgXDMUVE1FWmdMathorVQIfDCwDw04B8MzZVdzgnVMI9bpZ3R-xc7eojYxa5PosF-TqK9VzgwX2oA
[+] contract address: 0xCE598ED0e36dD47D376ad524666036CAFc31A0E8
[+] transaction hash: 0x2ae4e59f72051abe409a5664f03db3162537f081eb3cc2dceb93d6d378f0ee28

$ geth attach http://127.0.0.1:8545 
Welcome to the Geth JavaScript console!

instance: Geth/v1.10.15-stable-8be800ff/linux-amd64/go1.17.5
coinbase: 0x7723d574e25d448e5c55d03fccf09d077f3776ce
at block: 40425 (Tue Jan 25 2022 02:14:08 GMT-0500 (EST))
 modules: debug:1.0 eth:1.0 net:1.0 rpc:1.0 web3:1.0

To exit, press ctrl-d or type exit
> web3.eth.getCode("0xCE598ED0e36dD47D376ad524666036CAFc31A0E8")
"0x"

Furthermore, when I try to get the flag using the 3rd action, I get this error:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 1515, in call_contract_function
    output_data = web3.codec.decode_abi(output_types, return_data)
  File "/usr/local/lib/python3.9/site-packages/eth_abi/codec.py", line 181, in decode_abi
    return decoder(stream)
  File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 127, in __call__
    return self.decode(stream)
  File "/usr/local/lib/python3.9/site-packages/eth_utils/functional.py", line 45, in inner
    return callback(fn(*args, **kwargs))
  File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 173, in decode
    yield decoder(stream)
  File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 127, in __call__
    return self.decode(stream)
  File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 198, in decode
    raw_data = self.read_data_from_stream(stream)
  File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 305, in read_data_from_stream
    raise InsufficientDataBytes(
eth_abi.exceptions.InsufficientDataBytes: Tried to read 32 bytes.  Only got 0 bytes

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/ctf/run.py", line 50, in <module>
    main()
  File "/home/ctf/run.py", line 46, in main
    sys.exit(actions[choice].handler())
  File "/home/ctf/eth_challenge_base/action.py", line 166, in action
    is_solved = self._contract.at(contract_addr).isSolved().call()
  File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 959, in call
    return call_contract_function(
  File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 1532, in call_contract_function
    raise BadFunctionCallOutput(msg) from e
web3.exceptions.BadFunctionCallOutput: Could not transact with/call contract function, is contract deployed correctly and chain synced?

So I am keen to believe there was an error during the creation of the contract lol! It compiles successfully when deploying the container. I am really confused...

Please let me know if you need any more traces. Thank you!

"Could not discover provider while making request: method:eth_estimateGas"

Hello!

I am getting the error in the title when trying to deploy a challenge contract when running the example in the /example folder.
I am using the PoA geth private network inside of the /geth directory as my Web3 RTC provider.

The entire trace of the error is the following:

nc 127.0.0.1 20000                                                                                    ✔  10s  
We design a pretty easy contract challenge. Enjoy it!
Your goal is to make isSolved() function returns true!

[1] - Create an account which will be used to deploy the challenge contract
[2] - Deploy the challenge contract using your generated account
[3] - Get your flag once you meet the requirement
[4] - Show the contract source code
[-] input your choice: 1
[+] deployer account: 0x7dCC0f237b795E718e16591bB00ACB8e2121FfD2
[+] token: v4.local.v-vOGz-M2GYzBik-EAADyrkoDaJLDtJc68TCyByYn7CFUsnHalmocKi9EzhjsXGMOu8UKrT-GKFKK7N2S4DEZd8Kmdya1ilUhn4K5Ei1yWu5cj7XMkt47aalZt60Qc98VhHGgOIn0ZzAMqtBi0_qqFZGfgzd_gEloBHaxrbzvyMIsg
Traceback (most recent call last):
  File "/home/ctf/run.py", line 50, in <module>
    main()
  File "/home/ctf/run.py", line 46, in main
    sys.exit(actions[choice].handler())
  File "/home/ctf/eth_challenge_base/action.py", line 67, in action
    or self._contract.deploy.estimate_gas(constructor.args)
  File "/home/ctf/eth_challenge_base/utils/eth.py", line 101, in estimate_gas
    return self._instance.constructor(*args).estimateGas()
  File "/usr/local/lib/python3.9/site-packages/eth_utils/decorators.py", line 18, in _wrapper
    return self.method(obj, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 643, in estimateGas
    return self.web3.eth.estimate_gas(
  File "/usr/local/lib/python3.9/site-packages/web3/eth.py", line 735, in estimate_gas
    return self._estimate_gas(transaction, block_identifier)
  File "/usr/local/lib/python3.9/site-packages/web3/module.py", line 57, in caller
    result = w3.manager.request_blocking(method_str,
  File "/usr/local/lib/python3.9/site-packages/web3/manager.py", line 186, in request_blocking
    response = self._make_request(method, params)
  File "/usr/local/lib/python3.9/site-packages/web3/manager.py", line 147, in _make_request
    return request_func(method, params)
  File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 76, in apply_formatters
    response = make_request(method, params)
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/gas_price_strategy.py", line 90, in middleware
    return make_request(method, params)
  File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
    response = make_request(method, formatted_params)
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/attrdict.py", line 33, in middleware
    response = make_request(method, params)
  File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
    response = make_request(method, formatted_params)
  File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
    response = make_request(method, formatted_params)
  File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
    response = make_request(method, formatted_params)
  File "/usr/local/lib/python3.9/site-packages/web3/middleware/buffered_gas_estimate.py", line 40, in middleware
    return make_request(method, params)
  File "/usr/local/lib/python3.9/site-packages/web3/providers/auto.py", line 94, in make_request
    return self._proxy_request(method, params)
  File "/usr/local/lib/python3.9/site-packages/web3/providers/auto.py", line 106, in _proxy_request
    raise CannotHandleRequest(
web3.exceptions.CannotHandleRequest: Could not discover provider while making request: method:eth_estimateGas
params:({'data': '0x608060405234801561001057600080fd5b506040516106b53803806106b583398101604081905261002f916100e2565b8051610042906000906020840190610049565b5050610202565b828054610055906101b1565b90600052602060002090601f01602090048101928261007757600085556100bd565b82601f1061009057805160ff19168380011785556100bd565b828001600101855582156100bd579182015b828111156100bd5782518255916020019190600101906100a2565b506100c99291506100cd565b5090565b5b808211156100c957600081556001016100ce565b600060208083850312156100f557600080fd5b82516001600160401b038082111561010c57600080fd5b818501915085601f83011261012057600080fd5b815181811115610132576101326101ec565b604051601f8201601f19908116603f0116810190838211818310171561015a5761015a6101ec565b81604052828152888684870101111561017257600080fd5b600093505b828410156101945784840186015181850187015292850192610177565b828411156101a55760008684830101525b98975050505050505050565b600181811c908216806101c557607f821691505b602082108114156101e657634e487b7160e01b600052602260045260246000fd5b50919050565b634e487b7160e01b600052604160045260246000fd5b6104a4806102116000396000f3fe608060405234801561001057600080fd5b50600436106100415760003560e01c806364d98f6e14610046578063a413686214610063578063cfae321714610078575b600080fd5b61004e61008d565b60405190151581526020015b60405180910390f35b610076610071366004610251565b61010f565b005b610080610126565b60405161005a91906103ba565b6000806040518060400160405280600e81526020016d48656c6c6f436861696e466c616760901b815250905060006040516020016100cb919061031e565b60405160208183030381529060405280519060200120816040516020016100f29190610302565b604051602081830303815290604052805190602001201491505090565b80516101229060009060208401906101b8565b5050565b6060600080546101359061041d565b80601f01602080910402602001604051908101604052809291908181526020018280546101619061041d565b80156101ae5780601f10610183576101008083540402835291602001916101ae565b820191906000526020600020905b81548152906001019060200180831161019157829003601f168201915b5050505050905090565b8280546101c49061041d565b90600052602060002090601f0160209004810192826101e6576000855561022c565b82601f106101ff57805160ff191683800117855561022c565b8280016001018555821561022c579182015b8281111561022c578251825591602001919060010190610211565b5061023892915061023c565b5090565b5b80821115610238576000815560010161023d565b60006020828403121561026357600080fd5b813567ffffffffffffffff8082111561027b57600080fd5b818401915084601f83011261028f57600080fd5b8135818111156102a1576102a1610458565b604051601f8201601f19908116603f011681019083821181831017156102c9576102c9610458565b816040528281528760208487010111156102e257600080fd5b826020860160208301376000928101602001929092525095945050505050565b600082516103148184602087016103ed565b9190910192915050565b600080835481600182811c91508083168061033a57607f831692505b602080841082141561035a57634e487b7160e01b86526022600452602486fd5b81801561036e576001811461037f576103ac565b60ff198616895284890196506103ac565b60008a81526020902060005b868110156103a45781548b82015290850190830161038b565b505084890196505b509498975050505050505050565b60208152600082518060208401526103d98160408501602087016103ed565b601f01601f19169190910160400192915050565b60005b838110156104085781810151838201526020016103f0565b83811115610417576000848401525b50505050565b600181811c9082168061043157607f821691505b6020821081141561045257634e487b7160e01b600052602260045260246000fd5b50919050565b634e487b7160e01b600052604160045260246000fdfea2646970667358221220fe5bbadaeb2595dc6e73ff3c1690c998b4933dbda3a07bca27c8d6e68e5dfbe264736f6c634300080700330000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000568656c6c6f000000000000000000000000000000000000000000000000000000'},)

Expected behaviour:
The contract should be deployed on the network and the token should be returned.

Actual behaviour:
The program crashes and no contract is deployed.

Steps to reproduce:

Follow the steps in the /geth README to create an account, a genesis block and start the PoA network using docker-compose up.
Write the following inside of the /example/.env file: WEB3_PROVIDER_URI=http://localhost:8545
Run docker-compose up in the /example folder.
Connect to the challenge server with netcat: nc 127.0.0.1 20000
Select the first option to deploy a new challenge contract

I thought that maybe the eth_estimateGas was not whitelisted through nginx, but it is.

The network running did not show any trace of the request or the error. Please let me know if I missed anything or if there are any other logs that you need.

新版本可能导致的解题答案抄袭问题。

注意到在近期更新中将 eth_getBlockByHash 、 eth_getBlockByNumber 等与区块查询相关的 RPC API 默认设置为开放状态，我明白这是为了让 Remix 、 Metamask 等工具也能在题目环境链中正常运行，但这同时也意味着存在通过扫描所有区块交易并复刻抄袭其他选手解题答案的可能。
即假设某题目已经有解，那么只需通过 eth_getBlockByNumber 向前扫描每个区块以获取每个区块中包含的交易哈希，并根据这些交易哈希逐个通过 eth_getTransactionByHash 获取交易收据详情，是存在答案抄袭的可能性的（尽管这或许非常耗时）。
我并没有非常好的解决办法，因为我也认为需要让题目环境尽可能兼容所有的工具，希望团队能有更好的解决方案、或是显著提示有高度保密需求的开发者应该如何配置。

i can not find this file

Traceback (most recent call last):
File "/home/ctf/run.py", line 44, in
conn_handler()
File "/home/ctf/run.py", line 24, in conn_handler
actions = Actions(project_path, config)
File "/home/ctf/eth_challenge_base/action.py", line 26, in init
with open(os.path.join(self._artifact_path, f"{config.contract}.json")) as fp:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ctf/./build/contracts/contracttest.json'

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.