david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

Ethernaut CTF walk through

posted 4 weeks ago

This is a walk through of the Ethernaut capture-the-flag competition where each challenge was an ethereum smart contract you had to break.

I did this at 2am in a hotel room in Romania and ended up not finishing the last challenge because I took too long and didn't want to re-record that part. Basically what I was missing in my malicious contract: a function to withdraw tokens from the victim contract (it would have work since I had a huge amount of token via the attack). I figured I should still upload that as it might be useful to someone.

Well done! You've reached the end of my post. Now you can leave me a comment :)

Anon

You're awesome. Seriously. I've been following you and your blog since you initially posted something about Ethereum being hacked (which then resulted in the Classic fork). Your content and videos are so well-made and unique, thank you!

Care to include donation addresses? I prefer to stay anonymous, so maybe get yourself a Monero wallet and I'll buy you an apple juice? :) You should definitely check out Monero and the math behind it.

david

hey thanks! I'll have to think about a donation address one day :o)

I use Zcash but haven't yet tried Monero. It does look interesting though!

david

oh actually, if it's based on ring signatures, Michael Rosenberg explained a bunch of that to me :) he also wrote about it here: http://cryptoservices.github.io/cryptography/2017/07/21/Sigs.html

Anon

Thanks, great info. Keep me updated on your donation addresses!