The PARADIGM GM CTF 2022 competition started at 8:00 a.m. SGT on August 20, 2022, and ended at 8:00 a.m. on August 22, 2022, running for a total of two days. The competition had 23 questions, and more than 400 teams participated. It is a relatively lively and challenging blockchain security CTF that attracts many of the world’s top blockchain security personnel; its challenges are difficult, and getting a Flag is not easy.
What is CTF?
CTF (Capture The Flag) is a popular form of information security competition. In general, the participating teams compete to be the first to obtain a string or other content in a specified format from the competition environment provided by the organizer, through attack-and-defense confrontation, program analysis and similar means, and submit it to the organizer to score points. For convenience, we call such content a “Flag”.
Numen Cyber Labs will be publishing analytical articles on this year’s competition topics, so stay tuned. This first article covers the analysis of the rescue challenge, along with the techniques and ideas used to solve it.
CTF Question Analysis
1. MasterChefHelper.sol Contract
Analysis: From the screenshot above, we can see that the main function this contract exposes to external callers is swapTokenForPoolToken. The meaning of each parameter is as follows:
poolId: the index of the pool in the MasterChef contract, used to look up the corresponding Uniswap pair address.
tokenIn: the address of the token that is transferred into the contract to be exchanged.
amountIn: the amount that the user wants to exchange.
minAmountOut: the minimum amount of LP tokens to obtain; it can be set to 0.
Its main job is to exchange half of the tokens transferred in by the user for token0 of the specified pair contract and the other half for token1, and then add the two to the pair in proportion to obtain liquidity.
2. Setup.sol Contract
Analysis: When the Setup contract is created, it first deposits 10 ETH to obtain 10 WETH, and then transfers these 10 WETH to the mcHelper contract.
The question is how to transfer the 10 WETH held by the mcHelper contract.
To solve this problem, the only function we can call is swapTokenForPoolToken in the MasterChefHelper.sol contract, so we focus on finding the answer there. We found that when liquidity is added, the contract's balances of both tokens are added together. The contract currently holds 10 WETH, so if we can get a proportionate amount of the other token and put it into the contract, the problem is solved. (Note: for the call to succeed, the tokenIn passed in cannot be equal to token0 or token1 of the pair contract.)
We create our own attack contract. Our account starts with a certain amount of ETH, and we transfer part of it to the attack contract. We then call Uniswap's swap function to exchange it for a token that is different from both tokens in the pair corresponding to the poolId we pass in. Here we exchange for USDT.
Because there are 10 WETH in the mcHelper contract, we query the pools and pass in poolId 2, whose pair has DAI and WETH as token0 and token1 respectively. To have the 10 WETH in the contract added as well, we need to transfer to the mcHelper contract the DAI that 10 WETH exchanges for. Here we exchanged 20 so that the amount would not fall short.
Finally, the problem is solved by calling swapTokenForPoolToken on the mcHelper contract. This exchanges 10 ETH worth of USDT for 5 ETH worth of WETH and 5 ETH worth of DAI; together with the 20 ETH worth of DAI transferred earlier, the 10 WETH already in the contract can be added to the pair in proportion to obtain liquidity, and the excess DAI remains in the contract.
① When solving the problem for the first time, I did not perform the second step. Because all the tokens held by the contract are offered when liquidity is added, I assumed they would all be added directly. However, Uniswap adds liquidity in proportion, so the WETH remained in the contract.
② The ETH originally in your account can be used flexibly. If you do not exchange it flexibly, this problem is not easy to solve.
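The proportional-add behaviour from note ① and the final step, modelled as an added Python example (it is not the article's POC or the challenge's code). The reserves, the 1600 DAI/WETH price, all function names and the scoped variant are constructed assumptions; swap fees and price impact are ignored.

```python
# Added illustration: integer model of Uniswap V2 style proportional liquidity.
# Reserves and balances are constructed sample values; fees are ignored.
E = 10**18                      # 18-decimal token unit
R_DAI = 1_600_000 * E           # constructed DAI reserve (1 WETH = 1600 DAI)
R_WETH = 1_000 * E              # constructed WETH reserve


def quote(amount_a, reserve_a, reserve_b):
    """Amount of token B that matches amount_a at the pair's current ratio."""
    return amount_a * reserve_b // reserve_a


def add_liquidity(dai_desired, weth_desired):
    """Return the (dai, weth) a proportional add takes from the amounts offered."""
    weth_optimal = quote(dai_desired, R_DAI, R_WETH)
    if weth_optimal <= weth_desired:
        return dai_desired, weth_optimal
    return quote(weth_desired, R_WETH, R_DAI), weth_desired


def whole_balance_leftover(dai_balance, weth_balance):
    """Behaviour the article describes: the helper offers its entire balances."""
    dai_used, weth_used = add_liquidity(dai_balance, weth_balance)
    return dai_balance - dai_used, weth_balance - weth_used


def scoped_leftover(swap_dai, swap_weth, stray_dai, stray_weth):
    """Hypothetical hardened helper: only the caller's swap output is offered."""
    dai_used, weth_used = add_liquidity(swap_dai, swap_weth)
    return stray_dai + swap_dai - dai_used, stray_weth + swap_weth - weth_used


def dai_needed(weth_balance):
    """DAI required for a proportional add to consume weth_balance entirely."""
    return quote(weth_balance, R_WETH, R_DAI)


if __name__ == "__main__":
    swap_dai, swap_weth = 8_000 * E, 5 * E   # 10 ETH of USDT split in half
    stuck_weth = 10 * E                      # WETH held by the helper
    extra_dai = 32_000 * E                   # 20 ETH worth of DAI sent first
    # Note 1: without the extra DAI, the stuck 10 WETH stays behind.
    print(whole_balance_leftover(swap_dai, swap_weth + stuck_weth))
    # With it, all 15 WETH is consumed and surplus DAI remains.
    print(whole_balance_leftover(swap_dai + extra_dai, swap_weth + stuck_weth))
    print(dai_needed(swap_weth + stuck_weth) // E)
    # Scoped variant: stray balances are untouched.
    print(scoped_leftover(swap_dai, swap_weth, extra_dai, stuck_weth))
```

A helper that passes only the amounts produced by the caller's own swap, rather than its full token balances, leaves stray funds where they are.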
The following is the main logic code of this POC. If you have a better way to solve the problem, we hope you will get in touch with Numen Cyber Labs. We are willing to work together with you.
These CTF questions are difficult and challenging, and Numen Cyber Labs will continue to research and explore them. Protecting the security of the blockchain is our responsibility, and we hope to make progress and improve with each piece of research and exploration.
Numen Cyber Labs is committed to facilitating the safe development of Web 3.0. We are dedicated to the security of the blockchain ecosystem, as well as operating systems and browser/mobile security. We regularly publish analyses on topics such as these; please stay tuned or visit our blog for more!
This blog was originally published on our Medium Account.