six
/
pwn_w3bridges
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Workshop for web3 bridge hacking at Hacktivity 2022
5 Commits
1 Branch
0 Tags
1.9 MiB
Rust 65.1%
Python 27.1%
JavaScript 7.8%
 
 
 
Go to file
six 596e8dec08 Receipt reuse and forgery tools 2022-10-06 17:17:05 +02:00
ink Receipt reuse and forgery tools 2022-10-06 17:17:05 +02:00
python Receipt reuse and forgery tools 2022-10-06 17:17:05 +02:00
solidity Receipt reuse and forgery tools 2022-10-06 17:17:05 +02:00
LICENSE Initial commit 2022-10-04 17:13:47 +00:00
README.md Receipt reuse and forgery tools 2022-10-06 17:17:05 +02:00

README.md

pwn w3bridges

Workshop for "web3" bridge hacking at Hacktivity 2022

Agenda

Introduction

  • Web3 vs web2 hacking, concepts / workshop topology

Environment setup, system requirements

  • Any browser for Ethereum, Remix
  • Substrate, Rust nightly

Scenario 1: Token on two chains, mint using receipt

  • Solidity basics, using remix for compile
  • Exploit visibility, take admin
  • ECDSA Ethereum basics
  • Mint with receipt -> Find the vuln!

Scenario 2: Signature forgery (any chain)

  • Deploy SC on Ethereum chain
  • Compile Substrate with EVM
  • Deploy SC
  • Test ECDSA signature forgery exploit from one to other

Resources

Scenario 1

https://remix.ethereum.org/ https://www.tutorialspoint.com/solidity/solidity_operators.htm https://polkadot.js.org/apps/ https://ethereum.org/en/developers/docs/standards/tokens/erc-20/ https://git.hsbp.org/six/eth_keygen

Scenario 2

https://github.com/paritytech/substrate-contracts-node https://docs.substrate.io/quick-start/ https://github.com/substrate-developer-hub/substrate-front-end-template https://github.com/paritytech/ink https://github.com/paritytech/substrate/blob/master/primitives/core/src/ecdsa.rs https://use.ink/getting-started/setup https://medium.com/block-journal/introducing-substrate-smart-contracts-with-ink-d486289e2b59 https://substrate.io/developers/playground/