ContractHacker - Ethereum Smart contract hacking platform for CTFs
Translated title
ContractHacker - Ethereum Smart contract hacking platform for CTFs
Author
Hørning, Emil Christian
Term
4. semester
Education
Publication year
2001
Submitted on
2001-06-30
Pages
70
Abstract
This thesis examines how Ethereum smart contract hacking can be incorporated into security Capture The Flag (CTF) competitions, motivated by the need for developers to learn secure coding principles in an environment where mistakes can have financial impact. It identifies a gap in current offerings: CTF organizers lack a general-purpose platform that can seamlessly add smart contract challenges to arbitrary CTF setups. The work frames the research question—“How can Ethereum smart contract hacking be incorporated in security CTFs?”—then analyzes vulnerabilities (e.g., re-entrancy), reviews CTF-based learning, surveys existing platforms and their pitfalls, and derives requirements for a new solution. Based on this, the project designs, implements, and tests ContractHacker—a platform that supports creating and running Ethereum smart contract challenges within CTFs, including infrastructure choices, security considerations, challenge design, and flag handling. The platform is exercised at events and user feedback is collected; the thesis concludes with a discussion of results and platform security. Specific testing outcomes and evaluations are detailed in the full report.
[This summary has been generated with the help of AI directly from the project (PDF)]
