Welcome to the first Capture the Flag (CTF) challenge focused on Sway Smart Contracts! Get ready to dive in.
This CTF presents a straightforward bug to find, but the real challenge lies in exploiting it. To succeed, you'll need three things:
- Good knowledge of Sway: Understanding the basics of Sway smart contracts is key.
- Basic knowledge of Rust: The tests are written in Rust, so familiarity is important.
- Familiarity with the Fuel Rust SDK for Testing: Essential for writing and understanding tests on Fuel.
The target contract for this challenge is based on the Fuel docs– specifically, the liquidity pool contract, where users can deposit and withdraw assets. While the bug is relatively simple for someone familiar with Fuel, your task is to exploit it by stealing the base asset deposited by an honest user.
The solution and tests can be found in the solutions folder, including:
- A detailed explanation of the bug.
- How the exploit is constructed and tested. This CTF will help you build muscle memory for writing exploits for Sway contracts and navigate the Rust errors that often pop up when testing them.
Before starting, make sure to read the README.md files in the necessary folders for each challenge to help you gain context.
This is my first attempt at creating something like this. If you enjoyed the challenge or found it helpful, please drop a review or post on Twitter and tag me @shealtileanz.
I used ChatGPT to give a more readable and concise ReadMe.
Enjoy :)