david wong

Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Ethernaut CTF walk through

posted November 2017

This is a walk through of the Ethernaut capture-the-flag competition, where each challenge was an Ethereum smart contract you had to break.

I did this at 2am in a hotel room in Romania and ended up not finishing the last challenge because I took too long and didn't want to re-record that part. Basically, what I was missing in my malicious contract was a function to withdraw tokens from the victim contract (it would have worked since I had a huge amount of tokens via the attack). I figured I should still upload that as it might be useful to someone.


Comments

Anon

You're awesome. Seriously. I've been following you and your blog since you initially posted something about Ethereum being hacked (which then resulted in the Classic fork). Your content and videos are so well-made and unique, thank you!

Care to include donation addresses? I prefer to stay anonymous, so maybe get yourself a Monero wallet and I'll buy you an apple juice? :) You should definitely check out Monero and the math behind it.

david

hey thanks! I'll have to think about a donation address one day :o)

I use Zcash but haven't yet tried Monero. It does look interesting though!

david

oh actually, if it's based on ring signatures, Michael Rosenberg explained a bunch of that to me :) he also wrote about it here: http://cryptoservices.github.io/cryptography/2017/07/21/Sigs.html

Anon

Thanks, great info. Keep me updated on your donation addresses!
