Workshop for web3 bridge hacking at Hacktivity 2022
 
 
 
Go to file
six e6252db6b7 Init 2022-10-05 20:05:05 +02:00
ink Init 2022-10-05 20:05:05 +02:00
python Init 2022-10-05 20:05:05 +02:00
solidity Init 2022-10-05 20:05:05 +02:00
LICENSE Initial commit 2022-10-04 17:13:47 +00:00
README.md Init 2022-10-05 20:05:05 +02:00

README.md

pwn_w3bridges

Workshop for web3 bridge hacking at Hacktivity 2022

Scenario 1 - Receipt reuse - Topology

Story: Substrate system being built after ERC20 token is sold.

  • Substrate node with EVM pallet || Token minter smart contract (vuln here)
  • Bridge providing receipts || Checks bridge balance on Substrate node
  • Ethereum node || Token minter smart contract (target for mint)

https://remix.ethereum.org/ Faucet? https://polkadot.js.org/apps/ https://ethereum.org/en/developers/docs/standards/tokens/erc-20/ https://git.hsbp.org/six/eth_keygen

https://github.com/paritytech/substrate-contracts-node https://docs.substrate.io/quick-start/ https://substrate.io/developers/playground/ | alternative https://github.com/substrate-developer-hub/substrate-front-end-template

Commands

$

Scenario 2 - ECDSA signature forgery - Topology

Story: ink! smart contract interoperability.

  • Substrate node with ink!
  • No bridge, but signature forgery
  • Ethereum node

https://github.com/paritytech/ink https://use.ink/getting-started/setup https://medium.com/block-journal/introducing-substrate-smart-contracts-with-ink-d486289e2b59

Commands

$