Posts
Ashiq's blog
Cancel

Cyber Cartel Cyber Cartel was a challenge that involved draining a treasury contract with a flawed multisig implementation. The win condition was to drain the ETH from the treasury, which is possi...

Intro Searchers of Nottingham was a MEV-style CTF game that ran for 2 weeks over 3 seasons. The game provided a market that allowed players to trade against each other with the aim to have the mos...

Intro This blog post is written to demonstrate TokenFlow’s Blockchain Datasets. I used the Ethereum and Optimism datasets to query historical storage of certain contracts during bug hunting and ju...

Black Sheep We’re given the following huff code and the goal of the challenge was to drain the contract of its balance. I’ve never worked with huff before, but it’s fairly intuitive to read even w...

Flashbots hosted the MEV-Share CTF, a set of challenges based around their MEV-Share product. The CTF ran from 5 to 7 Aug, but I didn’t have much free time and wasn’t able to get running in the few...

Background I came across the announcement of the n project on Twitter and decided to have a closer look. This was an abstract number-based NFT project similar to the recent loot NFTs which caused ...

Background I recently received a message from a high school friend asking for help regarding his compromised Metamask: The wallet was compromised because he was phished into sending his Metamas...

Filestore was a miscellaneous challenge from the Google CTF. We are given the following Python file: import os, secrets, string, time from flag import flag def main(): # It's a tiny server.....

This post contains the solutions of all 8 Damn Vulnerable Defi challenges. The challenges are focused around exploiting soldity-based smart contracts. If any of the solutions are unclear, please re...

hello This was a sanity check to ensure that your setup is working. For each challenge, we’re given our own private blockchain instance where the setup contracts were deployed and for us to solve....