chainflag / solidctf
SolidCTF is an infrastructure solution that simplifies the build of Solidity CTF challenges.
License: MIT License
how can I change port "8545" on my server
Hi, I'm struggling with deploying the example contract with your PoA geth private network.
I got an error as below when I tried to deploy the contract.
$ nc 172.x.x.x 20000
We design a pretty easy contract challenge. Enjoy it!
Your goal is to make isSolved() function returns true!
[1] - Create an account which will be used to deploy the challenge contract
[2] - Deploy the challenge contract using your generated account
[3] - Get your flag once you meet the requirement
[4] - Show the contract source code
[-] input your choice: 2
[-] input your token: v4.local.bFdMp90mn5dSUcQGMymwkCr2_TO5tTxc~~
401 Client Error: Unauthorized for url: http://172.x.x.x:8545/
/geth directory to make an account and a genesis block, and running docker-compose up to start PoA geth private network.
docker run -it -p 20000:20000 -e WEB3_PROVIDER_URI=http://172.x.x.x:8545 chainflag/eth-challenge-base
nc 172.x.x.x 20000
2 to deploy a new contract and got an error
So I checked the TCP packet and there was a 401 error since eth_getBlockByNumber was not whitelisted.
Please let me know if I missed anything or if there are any other logs that you need.
Hello again!
I seem to have a few issues regarding the deployment of my contract with the image from https://github.com/chainflag/ctf-eth-env.
When I deploy my contract and I use web3.eth.getCode() in the geth console, the contract seems to have failed to deploy, since the returned value is 0x:
$ nc 127.0.0.1 20000
We design a pretty easy contract challenge. Enjoy it!
Your goal is to make isSolved() function returns true!
[1] - Create an account which will be used to deploy the challenge contract
[2] - Deploy the challenge contract using your generated account
[3] - Get your flag once you meet the requirement
[4] - Show the contract source code
[-] input your choice: 2
[-] input your token: v4.local.oTuLapGiLip4sN8Xeq4ybs4I7mSrjqBDcBpWfbvG52pLza7_ApYZFTVE5I8Iim2_6ghuVcEfhtsqWMJZtelJYd5xYvw0snfi3QgXDMUVE1FWmdMathorVQIfDCwDw04B8MzZVdzgnVMI9bpZ3R-xc7eojYxa5PosF-TqK9VzgwX2oA
[+] contract address: 0xCE598ED0e36dD47D376ad524666036CAFc31A0E8
[+] transaction hash: 0x2ae4e59f72051abe409a5664f03db3162537f081eb3cc2dceb93d6d378f0ee28
$ geth attach http://127.0.0.1:8545
Welcome to the Geth JavaScript console!
instance: Geth/v1.10.15-stable-8be800ff/linux-amd64/go1.17.5
coinbase: 0x7723d574e25d448e5c55d03fccf09d077f3776ce
at block: 40425 (Tue Jan 25 2022 02:14:08 GMT-0500 (EST))
modules: debug:1.0 eth:1.0 net:1.0 rpc:1.0 web3:1.0
To exit, press ctrl-d or type exit
> web3.eth.getCode("0xCE598ED0e36dD47D376ad524666036CAFc31A0E8")
"0x"
Furthermore, when I try to get the flag using the 3rd action, I get this error:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 1515, in call_contract_function
output_data = web3.codec.decode_abi(output_types, return_data)
File "/usr/local/lib/python3.9/site-packages/eth_abi/codec.py", line 181, in decode_abi
return decoder(stream)
File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 127, in __call__
return self.decode(stream)
File "/usr/local/lib/python3.9/site-packages/eth_utils/functional.py", line 45, in inner
return callback(fn(*args, **kwargs))
File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 173, in decode
yield decoder(stream)
File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 127, in __call__
return self.decode(stream)
File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 198, in decode
raw_data = self.read_data_from_stream(stream)
File "/usr/local/lib/python3.9/site-packages/eth_abi/decoding.py", line 305, in read_data_from_stream
raise InsufficientDataBytes(
eth_abi.exceptions.InsufficientDataBytes: Tried to read 32 bytes. Only got 0 bytes
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/ctf/run.py", line 50, in <module>
main()
File "/home/ctf/run.py", line 46, in main
sys.exit(actions[choice].handler())
File "/home/ctf/eth_challenge_base/action.py", line 166, in action
is_solved = self._contract.at(contract_addr).isSolved().call()
File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 959, in call
return call_contract_function(
File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 1532, in call_contract_function
raise BadFunctionCallOutput(msg) from e
web3.exceptions.BadFunctionCallOutput: Could not transact with/call contract function, is contract deployed correctly and chain synced?
So I am keen to believe there was an error during the creation of the contract lol! It compiles successfully when deploying the container. I am really confused...
Please let me know if you need any more traces. Thank you!
Hello!
I am getting the error in the title when trying to deploy a challenge contract when running the example in the /example folder.
I am using the PoA geth private network inside of the /geth directory as my Web3 RPC provider.
The entire trace of the error is the following:
nc 127.0.0.1 20000 ✔ 10s
We design a pretty easy contract challenge. Enjoy it!
Your goal is to make isSolved() function returns true!
[1] - Create an account which will be used to deploy the challenge contract
[2] - Deploy the challenge contract using your generated account
[3] - Get your flag once you meet the requirement
[4] - Show the contract source code
[-] input your choice: 1
[+] deployer account: 0x7dCC0f237b795E718e16591bB00ACB8e2121FfD2
[+] token: v4.local.v-vOGz-M2GYzBik-EAADyrkoDaJLDtJc68TCyByYn7CFUsnHalmocKi9EzhjsXGMOu8UKrT-GKFKK7N2S4DEZd8Kmdya1ilUhn4K5Ei1yWu5cj7XMkt47aalZt60Qc98VhHGgOIn0ZzAMqtBi0_qqFZGfgzd_gEloBHaxrbzvyMIsg
Traceback (most recent call last):
File "/home/ctf/run.py", line 50, in <module>
main()
File "/home/ctf/run.py", line 46, in main
sys.exit(actions[choice].handler())
File "/home/ctf/eth_challenge_base/action.py", line 67, in action
or self._contract.deploy.estimate_gas(constructor.args)
File "/home/ctf/eth_challenge_base/utils/eth.py", line 101, in estimate_gas
return self._instance.constructor(*args).estimateGas()
File "/usr/local/lib/python3.9/site-packages/eth_utils/decorators.py", line 18, in _wrapper
return self.method(obj, *args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/web3/contract.py", line 643, in estimateGas
return self.web3.eth.estimate_gas(
File "/usr/local/lib/python3.9/site-packages/web3/eth.py", line 735, in estimate_gas
return self._estimate_gas(transaction, block_identifier)
File "/usr/local/lib/python3.9/site-packages/web3/module.py", line 57, in caller
result = w3.manager.request_blocking(method_str,
File "/usr/local/lib/python3.9/site-packages/web3/manager.py", line 186, in request_blocking
response = self._make_request(method, params)
File "/usr/local/lib/python3.9/site-packages/web3/manager.py", line 147, in _make_request
return request_func(method, params)
File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 76, in apply_formatters
response = make_request(method, params)
File "/usr/local/lib/python3.9/site-packages/web3/middleware/gas_price_strategy.py", line 90, in middleware
return make_request(method, params)
File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
response = make_request(method, formatted_params)
File "/usr/local/lib/python3.9/site-packages/web3/middleware/attrdict.py", line 33, in middleware
response = make_request(method, params)
File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
response = make_request(method, formatted_params)
File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
response = make_request(method, formatted_params)
File "cytoolz/functoolz.pyx", line 250, in cytoolz.functoolz.curry.__call__
File "/usr/local/lib/python3.9/site-packages/web3/middleware/formatting.py", line 74, in apply_formatters
response = make_request(method, formatted_params)
File "/usr/local/lib/python3.9/site-packages/web3/middleware/buffered_gas_estimate.py", line 40, in middleware
return make_request(method, params)
File "/usr/local/lib/python3.9/site-packages/web3/providers/auto.py", line 94, in make_request
return self._proxy_request(method, params)
File "/usr/local/lib/python3.9/site-packages/web3/providers/auto.py", line 106, in _proxy_request
raise CannotHandleRequest(
web3.exceptions.CannotHandleRequest: Could not discover provider while making request: method:eth_estimateGas
params:({'data': '…'},)
Expected behaviour:
The contract should be deployed on the network and the token should be returned.
Actual behaviour:
The program crashes and no contract is deployed.
Steps to reproduce:
/geth README to create an account, a genesis block and start the PoA network using docker-compose up
./example/.env file: WEB3_PROVIDER_URI=http://localhost:8545
docker-compose up in the /example folder.
nc 127.0.0.1 20000
I thought that maybe the eth_estimateGas was not whitelisted through nginx, but it is.
The network running did not show any trace of the request or the error. Please let me know if I missed anything or if there are any other logs that you need.
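I noticed that a recent update made block-query RPC APIs such as eth_getBlockByHash and eth_getBlockByNumber open by default. I understand this is so that tools such as Remix and Metamask can also work properly on the challenge chain, but it also means that it becomes possible to scan the transactions in every block and copy other players' solutions.
That is, assuming a challenge has already been solved, one only needs to scan backwards through the blocks via eth_getBlockByNumber to obtain the transaction hashes contained in each block, and then fetch the transaction receipt details one by one via eth_getTransactionByHash using those hashes, so there is a possibility of answer plagiarism (although this may be very time-consuming).
I don't have a very good solution, because I also think the challenge environment should be as compatible as possible with all tools. I hope the team can come up with a better solution, or prominently advise developers with high confidentiality requirements on how they should configure things.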
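An added example, not part of the issue above and not SolidCTF's own code: a JSON-RPC method allowlist with two profiles, showing how an RPC proxy can keep the block-query methods open for tool compatibility or close them for confidential challenges. The function name, the profile names and the baseline method list are assumptions; the 401 status mirrors the response reported for non-whitelisted methods earlier on this page.

```python
import json

# Assumed baseline (not SolidCTF's shipped list): calls needed to deploy and solve.
BASE_METHODS = frozenset({
    "eth_chainId", "eth_blockNumber", "eth_gasPrice", "eth_estimateGas",
    "eth_getBalance", "eth_getCode", "eth_getTransactionCount",
    "eth_call", "eth_sendRawTransaction", "eth_getTransactionReceipt",
    "net_version",
})
# Block and transaction lookup methods named in the issue above.
BLOCK_QUERY_METHODS = frozenset({
    "eth_getBlockByHash", "eth_getBlockByNumber", "eth_getTransactionByHash",
})
PROFILES = {
    "compatible": BASE_METHODS | BLOCK_QUERY_METHODS,  # Remix/Metamask friendly
    "confidential": BASE_METHODS,                      # no chain enumeration
}


def check_rpc_body(raw, profile="confidential"):
    """Return (http_status, rejected_methods) for one JSON-RPC request body."""
    allowed = PROFILES[profile]
    try:
        payload = json.loads(raw)
    except (ValueError, TypeError):
        return 400, []
    # A batch is a JSON array; every element must pass, otherwise a
    # filter that only inspects single requests is trivially bypassed.
    calls = payload if isinstance(payload, list) else [payload]
    if not calls:
        return 400, []
    rejected = []
    for call in calls:
        method = call.get("method") if isinstance(call, dict) else None
        if not isinstance(method, str):
            return 400, []
        if method not in allowed:
            rejected.append(method)
    return (401 if rejected else 200), rejected


if __name__ == "__main__":
    # Constructed sample request bodies.
    single = '{"jsonrpc":"2.0","id":1,"method":"eth_getBlockByNumber","params":["0x1",true]}'
    batch = ('[{"jsonrpc":"2.0","id":1,"method":"eth_call","params":[{},"latest"]},'
             '{"jsonrpc":"2.0","id":2,"method":"eth_getTransactionByHash","params":["0x00"]}]')
    for body in (single, batch):
        print(check_rpc_body(body, "compatible"), check_rpc_body(body, "confidential"))
```
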
Traceback (most recent call last):
File "/home/ctf/run.py", line 44, in <module>
conn_handler()
File "/home/ctf/run.py", line 24, in conn_handler
actions = Actions(project_path, config)
File "/home/ctf/eth_challenge_base/action.py", line 26, in __init__
with open(os.path.join(self._artifact_path, f"{config.contract}.json")) as fp:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ctf/./build/contracts/contracttest.json'