README.md

Note

This file contains the information related to the Awesomwasm 2023 live event. If you want to work on the CTF, please check the root README

---

Oak Security Capture The Flag ⛳️ - AwesomWasm Online Event

Follow us on Twitter at @SecurityOak to receive the latest information on the event. All the details will be first published there and then compiled in this README.

The CTF ended on July 17th. Thanks to everyone for participating in it!

Writeups

1. Capture The Flag ️Writeups — AwesomWasm 2023 Pt. 1
2. Capture The Flag ️Writeups — AwesomWasm 2023 Pt. 2

Navigation

1. To get started with the challenges, please visit the main branch.
2. To view the proof of concept for the challenges, please visit the poc-exploit branch. The proof of concept is written as an exploit() test case and can be found in the exploit.rs file.
3. To view the fixed versions of the challenges, please visit the fixed branch. All proof of concept test cases are prefixed with #[ignore="bug is patched"], so they will not be automatically executed when running cargo test.

Winners

1. @forbiddnstars
2. @CruncherDefi
3. @jc0f0116
4. @LeTurt_
5. @i_be_jc

Note that the three best submissions had all identified all security vulnerabilities. We used the quality and readability of the report as a tie-breaker to determine the winner. 🎉

Here is the official announcement in Twitter.

Key information

Our Capture The Flag event will be exclusively centered around CosmWasm smart contract security. As a participant, you will review the code of several smart contracts. To crack the challenges you will need to spot a wide variety of dangerous security vulnerabilities.

The top 5 winners will be announced on Twitter and receive shoutouts there.

• Number of challenges: 10
• Start date: 10th of July, 2023
• End Date: 17th of July, 2023 (23:59)
• Location: Worldwide! our event will be held online and asynchronously so anyone can participate.
• Recorded live stream : https://www.youtube.com/live/YIb3UsLxlbQ?feature=share
• Results submission: Google Forms link

Crack all our challenges and show the community that you know your way in security, either as an auditor or a security-minded developer!

Join the official Telegram channel to get in touch with us!

Follow us on Twitter to stay up to date.

Getting started

Quick links

• POINTS.md contains the overall points of each challenges.
• SAMPLE_REPORT_TEMPLATE.md contains a sample report template in Markdown format.

Running test case

1. Navigate into challenge folder.

cd ctf-01/

2. Run tests

cargo test

Questions?

Just open an issue in this repository to get an answer from our team.