Free TON

FreeTON hacker journey with blockchain CTF tournament

Short description

Start FreeTON hacker journey with blockchain CTF tournament




TBP ~20.09.2020 - 30.09.2020


It can containing vulnerable smart contracts with various business use cases ranging from decentralized trust funds and open source lottery systems, to ICOs and automated royalty agreements. + Other thigs can be too.

Evaluation criteria and Winning conditions:

Number of find flags. Flag cost based on time and Complexity

The Jury

Not need. Automatic rating with smart contact for flags check


The winners needs to find more than 51% of flags:

1st prize — 50,000 Tons

2nd prize — 45,000 Tons

3rd prize — 40,000 Tons

4th prize — 35,000 Tons

5th prize — 30,000 Tons

Next 10 runners up — 10,000 Tons each (Find more than 30% of flags)

Additional bonus can be too for find something else too. TBD

P.S. Any ideas?


Вообще круто… Станислав, Вы взломщик?

No, just play CTF at work (Big bank group in Europe) There I get 4-5 place. Can’t remember exactly. And also there was little help from work colleagues with one task.

1 Like

Let’s start with the following standard CTF tasks categories:

  • Reverse: you have the smart-contract and should find the right input message (i.e. external) for it to give you the flag. The message should contain the public key to encrypt the clear-text flag to the task solver. Like some “keygen me” implementation on the blockchain. If there is no TVM disassembler available - we could give the smart-contract source code, just make it less obvious*
  • OSINT: get the true fund destinations with some not-so-hard-to-trace tokens mixer implementation, like
  • PWN: some “beat the dice” or “beat the casino”-like types of tasks (of course the smart-contracts are intentionally flawed); again if there is no disassembler - we can give the source codes of the corresponding smart-contracts
  • Crypto: “steal-the-funds”: flawed Curve22519/Ed22519 keys in standard multisig wallet, or flawed PRNG for seed phrase generation (PRNG sources attached)
  • Stego: some “secret agent” is hiding his wallet access keys/seeds in some tricky ways - images stego, text stego, etc (the usual ways for this kind of tasks), the participant should get his hands on “agent’s” wallet. The wallet access data could be separated (i.e. one part of the seed phrase is hidden inside the picture, another part is in the text-based stego, etc)
  • PPC: beat the smart-contract during chess, checkers, tick-tack-toe, guess-the-number games, etc*
  • Web: well, no ideas here, as there is no direct relation to blockchain :smiley: We could create any traditional web-security tasks here, i.e. blockchain chat with flawed web interface where admin needs to be XSSed (and for him to send the task solving confirmation message as the proof not noticing it).

The main problems that I can highlight here:

  1. *The pretty fundamental problem: how can we make smart-contracts to hold some private data (flags) and for contestants to be able to get/decrypt it without revealing the keys? Some crypto scheme need to be invented for that, though I doubt that would be possible by the nature of smart-contracts execution process. Maybe we should get away from the “flags” paradigm, but use the following instead: the participants are registering their wallet addresses as the part of CTF registration process, and once “owned” the tasks smart-contracts should send some “task solving” confirmation messages to the participants, just like the Elector does (the “1 token” stake confirmation message). That would definitely provide the way to prove the task was solved by the contestant without any traditional “flags”, that way is more “native” to blockchain’s way of things. There must be some “challenge-response” scheme involved for others not to be able to just replay the winner’s messages to solve the tasks. As as alternative the tasks smart-contracts should send the confirmation messages to the leaderboard smart-contract, so there is no need for participants to register their wallets.
  2. No readily-available disassembler for TVM for now. Temporary solution: give the source codes of smart-contracts to participants. Robust solution: make the contestants create the TVM disassembler as one of the tasks (and maybe share it later) :smiley:
  3. “Get-the-funds” kind of tasks. Obvious: once the funds are “stolen” there are no funds left for the others. Solution: change the task’s smart-contract address as soon as one of contestants “solved” it, of course getting the other contestants to know the new address. The leaderboard smart-contract is tracking these changing addresses and creating the new ones.

So regarding the “problem 1” I could see the way the leaderboard definitely to be the smart-contract too, but it must not rely on the flags, but instead on the “confirmation” messages from the task’s smart contracts to participants wallets. Or the task smart-contracts should send the task solving confirmation messages to the leaderboard directly.
Regarding the “problem 2” - if there would be no readily-available disassemblers we can just give the source codes (solidity, func, fift, c/c++ as there is clang available, or the compiled TVM assembly code from TVM-Linker) to contestants, just make them harder to read (remove the original variables/functions names, mix up the logic with finite automatons, etc “obfuscation means”).


Вау ничего не понял, но думаю это крутая тема, всеми руками за:smile::fire::fire::fire::fire::muscle: