2022-10-06 15:17:05 +00:00
|
|
|
# pwn w3bridges
|
|
|
|
|
Workshop for "web3" bridge hacking at Hacktivity 2022
|
2022-10-04 17:13:47 +00:00
|
|
|
|
2022-10-11 10:13:41 +00:00
|
|
|
You can find the presentation in the docs folder.
|
|
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
## Agenda
|
2022-10-05 18:05:05 +00:00
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
#### Introduction
|
|
|
|
|
- Web3 vs web2 hacking, concepts / workshop topology
|
2022-10-06 20:59:37 +00:00
|
|
|
- Who interacted with dApps/SCs before?
|
|
|
|
|
- Who codes Solidity?
|
|
|
|
|
- Who codes Rust?
|
|
|
|
|
- Who used a bridge before?
|
|
|
|
|
- Who is the cryptographer?
|
2022-10-05 18:05:05 +00:00
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
#### Environment setup, system requirements
|
|
|
|
|
- Any browser for Ethereum, Remix
|
2022-10-06 20:59:37 +00:00
|
|
|
- Python3
|
2022-10-06 15:17:05 +00:00
|
|
|
- Substrate, Rust nightly
|
2022-10-05 18:05:05 +00:00
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
#### Scenario 1: Token on two chains, mint using receipt
|
|
|
|
|
- Solidity basics, using remix for compile
|
|
|
|
|
- Exploit visibility, take admin
|
|
|
|
|
- ECDSA Ethereum basics
|
|
|
|
|
- Mint with receipt -> Find the vuln!
|
2022-10-05 18:05:05 +00:00
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
#### Scenario 2: Signature forgery (any chain)
|
|
|
|
|
- Deploy SC on Ethereum chain
|
|
|
|
|
- Compile Substrate with EVM
|
2022-10-06 20:59:37 +00:00
|
|
|
- Deploy SC on Substrate chain (so it is different from core)
|
2022-10-06 15:17:05 +00:00
|
|
|
- Test ECDSA signature forgery exploit from one to other
|
2022-10-06 20:59:37 +00:00
|
|
|
- Test same issue with WASM/ink!
|
2022-10-05 18:05:05 +00:00
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
## Resources
|
|
|
|
|
|
|
|
|
|
#### Scenario 1
|
2022-10-05 18:05:05 +00:00
|
|
|
https://remix.ethereum.org/
|
2022-10-06 15:17:05 +00:00
|
|
|
https://www.tutorialspoint.com/solidity/solidity_operators.htm
|
2022-10-05 18:05:05 +00:00
|
|
|
https://polkadot.js.org/apps/
|
|
|
|
|
https://ethereum.org/en/developers/docs/standards/tokens/erc-20/
|
|
|
|
|
https://git.hsbp.org/six/eth_keygen
|
|
|
|
|
|
2022-10-06 15:17:05 +00:00
|
|
|
#### Scenario 2
|
2022-10-06 20:59:37 +00:00
|
|
|
https://cryptoctf.org/2022/09/11/writeup-of-flag-submission-forgery-by-si/
|
2022-10-05 18:05:05 +00:00
|
|
|
https://github.com/paritytech/substrate-contracts-node
|
|
|
|
|
https://docs.substrate.io/quick-start/
|
|
|
|
|
https://github.com/substrate-developer-hub/substrate-front-end-template
|
|
|
|
|
https://github.com/paritytech/ink
|
2022-10-06 15:17:05 +00:00
|
|
|
https://github.com/paritytech/substrate/blob/master/primitives/core/src/ecdsa.rs
|
2022-10-05 18:05:05 +00:00
|
|
|
https://use.ink/getting-started/setup
|
|
|
|
|
https://medium.com/block-journal/introducing-substrate-smart-contracts-with-ink-d486289e2b59
|
2022-10-06 20:59:37 +00:00
|
|
|
https://github.com/paritytech/contracts-ui
|
|
|
|
|
https://contracts-ui.substrate.io/?rpc=wss://rpc.shibuya.astar.network
|
2022-10-06 15:17:05 +00:00
|
|
|
https://substrate.io/developers/playground/
|
2022-10-06 20:59:37 +00:00
|
|
|
https://security.stackexchange.com/questions/200682/is-it-possible-to-fake-ecdsa-signatures
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Solidity Hacking Homework
|
|
|
|
|
|
|
|
|
|
1. Crypto Wojak - Who is the admin?
|
|
|
|
|
2. Sminem - Set the password
|
|
|
|
|
3. Crypto Wojak - Make your tries count 2 or more
|
|
|
|
|
4. Crypto Wojak - Make your tries count 2 and get the answer
|
|
|
|
|
5. HODLer - Deposit ether twice with the same address
|
|
|
|
|
6. Crypto Wojak - Execute selfdestruct()
|
|
|
|
|
+1 Sminem - Create a signature to prove you are Satoshi (see js folder)
|
