diff --git a/contracts/CCTF_2023.sol b/contracts/CCTF_2023.sol
new file mode 100644
index 0000000..b0d0c87
--- /dev/null
+++ b/contracts/CCTF_2023.sol
@@ -0,0 +1,130 @@
+// SPDX-License-Identifier: Apache-2.0
+// Authors: Anonz team, developed at Polkadot Metaverse Championship, as part of their CCTF track solution.
+// Based on Six's and Silur's CCTF 2022 code.
+pragma solidity ^0.8.10;
+
+contract CryptoCTFX {
+  enum PlayerStatus {
+    Unverified,
+    Verified,
+    Banned
+  }
+
+  struct Player {
+    PlayerStatus status;
+    uint score;
+  }
+
+  modifier onlyExistingContest(uint contestID) {
+    require(contests[contestID].admin != address(0), "Unknown contest ID");
+    _;
+  }
+
+  modifier onlyAdmin(uint contestID) {
+    require(msg.sender == contests[contestID].admin, "You are not the admin of this contest");
+    _;
+  }
+
+  modifier onlyOpen(uint contestID) {
+    require(contests[contestID].submissionsOpen, "Submissions are not open for this contest at this time");
+    _;
+  }
+
+  modifier onlyExistingChallenge(uint contestID, uint challengeID) {
+    require(contests[contestID].challenges[challengeID].obscuredFlag != address(0), "Unknown challenge ID");
+    _;
+  }
+
+  struct Challenge {
+    address obscuredFlag; // public key of the flag
+    uint worth;
+    uint256 descriptionFingerprint;
+    bool onlyFirstSolver;
+    string skill;
+  }
+
+  struct Contest {
+    address admin;
+    mapping (uint => Challenge) challenges;
+    mapping (address => Player) players;
+    bool submissionsOpen;
+    mapping (address => mapping (uint => bool)) solves; // address -> challengeID -> solved/not
+    mapping (uint => bool) anySolves; // challengeID -> solved/not
+  }
+
+  mapping (uint => Contest) public contests;
+
+  event ChallengeAddedOrUpdated(uint contestID, uint indexed challengeID);
+  event ChallengeSolved(uint contestID, uint indexed challengeID, address indexed solver);
+
+  function createContest(uint contestID) external {
+    require(contests[contestID].admin == address(0), "This contest ID has already been registered");
+    contests[contestID].admin = msg.sender;
+    contests[contestID].submissionsOpen = false;
+  }
+
+  function setAdmin(uint contestID, address newAdmin) external onlyExistingContest(contestID) onlyAdmin(contestID) {
+    require(newAdmin != address(0));
+    contests[contestID].admin = newAdmin;
+  }
+
+  function setSubmissionsStatus(uint contestID, bool open) external onlyExistingContest(contestID) onlyAdmin(contestID) {
+    contests[contestID].submissionsOpen = open;
+  }
+
+  function addOrUpdateChallenge(uint contestID, uint challengeID, address obscuredFlag, uint worth, uint256 descriptionFingerprint, bool onlyFirstSolver, string memory skill) external onlyExistingContest(contestID) onlyAdmin(contestID) {
+    require(obscuredFlag != address(0), "The obscured flag value must not be 0");
+    contests[contestID].challenges[challengeID] = Challenge(obscuredFlag, worth, descriptionFingerprint, onlyFirstSolver, skill);
+    emit ChallengeAddedOrUpdated(contestID, challengeID);
+  }
+
+  function register(uint contestID, string memory password) external onlyExistingContest(contestID) {
+    require(contests[contestID].players[msg.sender].status == PlayerStatus.Unverified, "You are already registered or banned in this contest");
+    require(keccak256(abi.encodePacked("I_read_it")) == keccak256(abi.encodePacked(password)));
+    contests[contestID].players[msg.sender].status = PlayerStatus.Verified;
+  }
+
+  function setPlayerStatus(uint contestID, address player, PlayerStatus status) external onlyExistingContest(contestID) onlyAdmin(contestID) {
+    contests[contestID].players[player].status = status;
+  }
+
+  function submitFlag(uint contestID, uint challengeID, bytes32 messageHash, bytes memory signature) external onlyExistingContest(contestID) onlyExistingChallenge(contestID, challengeID) onlyOpen(contestID) {
+    require(contests[contestID].players[msg.sender].status == PlayerStatus.Verified, "You are unverified or banned in this contest");
+    // the correct signature is an ECDSA signature where (1) the message (hash) is the sender address and (2) the private key is the flag;
+    // (2) is checked by testing against the public key, which can then be public information
+    address recoveredSigner = recoverSigner(messageHash, signature);
+    require(recoveredSigner != address(0), "Invalid signature");
+    require(recoveredSigner == contests[contestID].challenges[challengeID].obscuredFlag, "Wrong answer");
+    require(!contests[contestID].solves[msg.sender][challengeID], "You have already solved this challenge of this contest");
+
+    if (!contests[contestID].anySolves[challengeID] || !contests[contestID].challenges[challengeID].onlyFirstSolver) {
+      contests[contestID].players[msg.sender].score += contests[contestID].challenges[challengeID].worth;
+    }
+    contests[contestID].solves[msg.sender][challengeID] = true;
+    contests[contestID].anySolves[challengeID] = true;
+
+    emit ChallengeSolved(contestID, challengeID, msg.sender);
+  }
+
+  function recoverSigner(bytes32 messageHash, bytes memory signature) public pure returns (address) {
+    (bytes32 r, bytes32 s, uint8 v) = splitSignature(signature);
+    return ecrecover(messageHash, v, r, s);
+  }
+
+  function splitSignature(bytes memory sig) public pure returns (bytes32 r, bytes32 s, uint8 v) {
+    require(sig.length == 65, "Invalid signature length");
+    assembly {
+      r := mload(add(sig, 32))
+      s := mload(add(sig, 64))
+      v := byte(0, mload(add(sig, 96)))
+    }
+  }
+
+  function getPlayerStatus(uint contestID, address player) external view onlyExistingContest(contestID) returns (PlayerStatus) {
+    return contests[contestID].players[player].status;
+  }
+
+  function getPlayerScore(uint contestID, address player) external view onlyExistingContest(contestID) returns (uint) {
+    return contests[contestID].players[player].score;
+  }
+}