Cryptorun warm-up: I just hid 4x0.25 ETH in Brussels — let the bounty hunt start!

You want free Ether? Run run run!

Ready to run and hunt?

The Cryptorun challenge is coming up soon, in one month from now. This challenge is about BeCode, crypto, running, and Brussels. Since I’ll be running more than 60KM during the challenge, I thought it’d be even nicer to share the efforts and get some other folks to run a bit as well for crypto. Enters the Cryptorun Bounty Hunt warm-up! Ready?

The rules of the game

The game is simple:

  • I have hidden 4 QR codes across my favourite running spots in Brussels
  • Each QR code links to a unique secret website, with a unique secret password in the URL parameters
  • Each website is a DApp connected to its own smart contract, which will let you query the smart contract to claim your bounty using the secret password
  • Each smart contract has been topped-up with 0.25 ETH, that are yours to claim if you’re the first to find a QR code!

An example to warm you up

First of all, note that the whole code behind this bounty hunt is open-sourced and can be found on Cryptizens’ GitHub. Now for a little example (all on the test net, while the real challenge is on the main net). The QR code below is a link to a website, scan it with your smartphone for example:

A sample secret QR code

Got it? Maybe you need to send the link from your smartphone to your computed. It should lead you to this lengthy address: http://a777aaa4eb79df623933add32490950f9e9e8d00f1a9.cryptorun.brussels.s3-website.eu-central-1.amazonaws.com/?secret=f172873c63909462ac4de545471fd3ad3e9eeadeec4608b92d16ce6b500704cc

Note the very long domain name (the longest allowed by AWS S3, actually), as well as the ‘secret’ parameter. On the website, you’ll see this nice button:

Exciting, eh?

When you click it, MetaMask will open and ask you to make a transaction to this smart contract:

The smart contract is out there, waiting for you!

See the function claimBounty on line 20? It will only be triggered if the right secret is used, as the below tests show.

Test, test, test — always test stuff

If you found the right secret, you’ll get the bounty baby. Ain’t it nice? The secret is very though to guess so hopefully the only way to get the money is really to be the first one to find the QR code. Plus, the complex link makes it difficult even to find the contract in the very place. But I’d be happy to hear about and learn from successful hacking attempts.

So, let’s go!

Since I’m found of running in Brussels, I’ve hidden the 4 QR codes in nice running spots. Below is my personal Strava running heatmap, which should give you a good indication of the overall playground. I hope that this bounty hunt gives you the chance to discover some of these amazing locations as well!

My personal Strava heatmap

I will reveal the first of the 4 locations on April 17 evening, then 1 new location every 5 days. Stay tuned to be the first in the know! You can follow me on LinkedIn, here on Medium, or register directly on this form, letting me know you want to be notified of new locations.

I wish you a lot of success for this game, and please spread the love about BeCode and the Cryptorun challenge

Cheers and thanks for reading!

Thomas from Cryptizens.io