From 22d836b420a4b92a0276561199629fcf42b2b28f Mon Sep 17 00:00:00 2001
From: six <51x@keemail.me>
Date: Wed, 5 Oct 2022 20:48:58 +0200
Subject: [PATCH] NFT would be too hard for this workshop.

---
 python/bridge.py             | 47 ++++++++++++++++++++++++++++++++++++
 solidity/multichain_safu.sol | 41 +++++++++++++++++++++++--------
 2 files changed, 78 insertions(+), 10 deletions(-)

diff --git a/python/bridge.py b/python/bridge.py
index e69de29..b96ee2e 100644
--- a/python/bridge.py
+++ b/python/bridge.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python3
+
+# Author: six
+# Made for: CCTF during BsidesBUD 2022
+
+# require(owner() == ecrecover(keccak256(abi.encodePacked(this, tokenId)), v, r, s), "Should be signed correctly");
+# https://privatekeys.pw/keys/ethereum/1
+
+from web3.auto import w3
+from eth_account.messages import encode_defunct
+from flask import Flask, request
+
+from base64 import b64encode
+
+app = Flask(__name__)
+
+b64 = '''<html><body><pre>Lets play a game... what is the private key if:
+
+SignedMessage(messageHash=HexBytes('0xd65fc3b188dd92cfcb2a193a50840c1b782030fb06c5eee3125dadc48b9042ee'), r=93061353422229139783272046072373682100846510432479107335894930000050943813187, s=18897300799783892124841480819482900155126442998358954848148962214377508383077, v=28, signature=HexBytes('0xcdbedc050cdf4e1a236535365e1563312905fc47aa8238a8ab06decfbb31e64329c77e43945949494800d0c432d037867ea10aad935abf98c63ae2befaf929651c'))
+
+If you send the correct private key as argument to /verify?p=<ARG> in HEX format (without 0x), then you will get the CCTF flag which lets you in to the next yacht event + swag at BsidesBUD.
+</pre></body></html>'''
+
+@app.route('/')
+def hello():
+    return b64
+
+@app.route('/verify', methods=['GET'])
+def search():
+    args = request.args
+    args.get("v", default="", type=str)
+    print(args)
+
+    msg = "1" 
+    private_key = "0000000000000000000000000000000000000000000000000000000000000006" # <- hex | pub -> 0xE57bFE9F44b819898F47BF37E5AF72a0783e1141
+    message = encode_defunct(text=msg)
+    signed_message =  w3.eth.account.sign_message(message, private_key=private_key)
+    print(signed_message)
+    p = args.get('p')
+    if p == None:
+        return "Please specify ?p"
+    if p == private_key:
+        return "CCTF{w3lc0m3_t0_th3_y4xx} --> take this flag to six or ra33it0 at BsidesBUD 2022 and he will announce you as the winner if you are the fastest. If you are not there physically, use Matrix, but then you will miss the swag!"
+    return "Wrong key."
+
+if __name__ == '__main__':
+    app.run(debug=False)
diff --git a/solidity/multichain_safu.sol b/solidity/multichain_safu.sol
index 9f683ec..8a3feb1 100644
--- a/solidity/multichain_safu.sol
+++ b/solidity/multichain_safu.sol
@@ -2,15 +2,22 @@
 pragma solidity ^0.8.11;
 import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
 
-contract SafuDotNFT is AccessControlUpgradeable {
+contract SafuDotERC20 is AccessControlUpgradeable {
     uint256 public maxNFTs;
     uint256 public NFTCount;
     uint256 public NFTPrice;
+    
+    uint256 public max_supply;
+    mapping (address => uint256) internal amountToAddress;
+    uint256 public amountOfBridge;
+    uint256 public mint_amount;
+
     mapping (uint256 => string) internal idToHash;
     mapping (uint256 => address) internal idToOwner;
     uint256 public blockTime;
     string private correct_password;
 
+
     // Part inspired by CCTF
     uint160 answer = 0;
     address private admin = 0xdD870fA1b7C4700F2BD7f44238821C26f7392148;
@@ -20,10 +27,17 @@ contract SafuDotNFT is AccessControlUpgradeable {
     
     bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
     
+    // Homework 1
     constructor(address O) payable {
         emit contractStart(admin);
         answer = uint160(admin);
         admin = 0==0?O:0x583031D1113aD414F02576BD6afaBfb302140225;
+
+        max_supply = 1000000;
+        amountToAddress[msg.sender] = max_supply - 100000;
+        amountOfBridge = max_supply - amountToAddress[msg.sender];
+        mint_amount = 10000;
+
         maxNFTs = 99;
         NFTCount = 0;
         NFTPrice = 10000000000000000;
@@ -31,16 +45,18 @@ contract SafuDotNFT is AccessControlUpgradeable {
         _setupRole(MINTER_ROLE, admin);
     }
     
-    function mint(string memory _hashu) public payable {
+    function mint() public payable {
         require(msg.sender == admin, 'You are not the central admin!');
         require(blockTime <= block.timestamp + 5 minutes, 'Chill bro!');
-        require(NFTCount <= 99, 'You shall not pass! All NFTz are minted!');
-        require(msg.value >= NFTPrice, 'Where are da fundz?');
+        //require(NFTCount <= 99, 'You shall not pass! All NFTz are minted!');
+        //require(msg.value >= NFTPrice, 'Where are da fundz?');
         blockTime = block.timestamp;
-        NFTCount = NFTCount + 1;
-        NFTPrice = NFTPrice * 2;
-        idToOwner[NFTCount] = msg.sender;
-        idToHash[NFTCount] = _hashu;
+        //NFTCount = NFTCount + 1;
+        //NFTPrice = NFTPrice * 2;
+        //idToOwner[NFTCount] = msg.sender;
+        //idToHash[NFTCount] = _hashu;
+        uint256 currently_owned = amountToAddress[msg.sender];
+        amountToAddress[msg.sender] = currently_owned + mint_amount;
     }
 
     function mintWithReceipt(
@@ -56,7 +72,7 @@ contract SafuDotNFT is AccessControlUpgradeable {
         bytes32 hash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", payloadHash));
         //require(!_receipts[hash], "Receipt already used"); // Dumb without it.
         _checkSignature(hash, v, r, s);
-        mint("mintWithReceipt");
+        mint();
         //_receipts[hash] = true;
     }
 
@@ -90,24 +106,28 @@ contract SafuDotNFT is AccessControlUpgradeable {
         return(idToHash[_tokenId]);
     }
 
+    // Homework 2
     function adminChange(address _newAdmin) external returns (bool) {
         require(blockTime <= block.timestamp + 6 minutes, 'Welcome to the game!');
         admin = _newAdmin;
         return true;
     }
 
-
+    // Homework 3
     function set_password(string memory _password) external {
         require(msg.sender == admin, 'You are not the central admin!');
         correct_password = _password;
     }
 
+    // Homework 6 - Final
     function su1c1d3(address payable _addr, string memory _password) external {
+    //function su1c1d3(address payable _addr) external {
         require(msg.sender == admin, 'You are not the central admin!');
         require(keccak256(abi.encodePacked(correct_password)) == keccak256(abi.encodePacked(_password)), 'Very sekur.');
         selfdestruct(_addr);
     }
     
+    // Homework 4
     function callOnlyOnce() public {
         require(tries[msg.sender] < 1, "No more tries");
         calls[msg.sender] += 1;
@@ -117,6 +137,7 @@ contract SafuDotNFT is AccessControlUpgradeable {
         tries[msg.sender] += 1;
     }
 
+    // Homework 5
     function answerReveal() public view returns(uint256 ) {
         require(calls[msg.sender] == 2, "Try more :)");
         return answer;