With this platform, we have constructed a series of vulnerable smart contracts and DApps with real-life use cases, ranging from decentralized trust funds and open source lottery systems, to ICOs and automated royalty agreements. Each of these applications contain a vulnerability commonly found in smart contracts. Participants can practice exploiting these bugs to steal fake crypto-currencies and win points on our leaderboard.
As with our CMD + CTRL Cyber Range offerings, we have turned the experience into a game to make it fun and engaging. Throughout the platform we provide helpful hints and resources that assist users in learning more about the tools and methodologies used when developing, testing, and using DApps and smart contracts.
In the spirit of decentralization, we have developed the platform as a client-side DApp with our smart contracts running on the Ethereum Testnet Blockchain. This means that there is no back-end server components aside from a few statically hosted scripts. All state is managed by the permission-less, decentralized network running the Ropsten Testnet Blockchain.
Note: This project is not actively maintained. As of November 2022 the Ropsten Testnet was decommissioned, as such the CTF will not work in its current state and has not been mirated to another test network. When Security Innovation first launched this project it was one of the first of its kind and explained new classes of vulnerabilities as they were emerging in blockchain technologies. Over the years many new security vulnerabilities, learning tools, and exploit techniques have been developed. Security Innovation continues to lead in blockchain security and applied crpytography research and security assessments. To learn more about our offerings in this space please see https://www.securityinnovation.com/security-solutions/blockchain-solutions/.