Arbitrary Execution @ Off The Chain Conference

Darian
Arbitrary Execution
5 min read · Jun 28, 2022

Three weeks ago, Arbitrary Execution attended Off The Chain Conference in San Francisco alongside some of the best security-focused minds in the blockchain space. We were invited to host an NFT Capture the Flag (CTF) challenge and speak at the event.

CTF 🚩

Overview

Our NFT CTF consisted of three challenges requiring varying degrees of smart contract knowledge. We aimed to create a CTF that would appeal both to newcomers to the space and to those with more experience.

Process

Attendees received a printed QR code that could be redeemed for a free Proof of Attendance Protocol (POAP) token. In the background, a script hosted on one of our servers scanned for mint events with our POAP eventID. Each time one of our POAPs was minted, the script would submit a transaction to send one xDai to the wallet address of the minter (free money!).

Our CTF was a collection of smart contracts mimicking a “bank” on the xDai chain. Players had to interact with the On the Chain Bank smart contract in order to create an account, claim a sign-up bonus and get a loan approved in order to receive prize NFTs. We chose to deploy on the xDai chain because of low gas costs, and because it is the native chain for minting POAPs.

Players who didn’t have a wallet were directed to make one using punkwallet.io (MetaMask worked as well) so they could interact with the contracts and receive NFTs. Challenges could be solved by writing to the contract on Blockscout; for the more difficult challenges, players used Remix, Hardhat, or Foundry to write and deploy custom contracts.

Here is a recap of the challenges:

  1. Open a bank account 🏦 — the first challenge required players to call a particular function on the contract to register with the bank.
  2. Claim a bonus 💰 — our bank offered bonuses to clients who had a bank account for longer than 72 hours. Since OTC Con was a single day, players had to find a way to manipulate their account creation timestamp.
  3. Get a loan approved 💳 — this challenge required players to deploy a smart contract to apply for a loan and get it approved. Players needed to call three separate functions on the bank contract in the same block.

Leaderboard ✏️

In the spirit of web3, the CTF’s leaderboard utilized decentralized technologies including the InterPlanetary Filesystem (IPFS), the InterPlanetary Name System (IPNS), and the Ethereum Name Service (ENS).

Our leaderboard, hosted on IPFS

ENS

ENS is the decentralized, Ethereum-based naming alternative to the Domain Name System (DNS). The role of ENS is to map human-readable names to an Ethereum address or, in our case, an IPNS address. Instead of having to recall a lengthy address, we can use an ENS name like nftctf.eth to access the leaderboard. This mapping is translated by resolver smart contracts.

In web browsers, there are currently two gateways that help to resolve .eth domains: eth.link and eth.limo. Cloudflare manages the eth.link gateway, so when a user tries to access a link like nftctf.eth.link, Cloudflare’s servers will query ENS for a Content Identifier (CID). Once it has the CID, the server queries IPFS for the corresponding content to display to the user. While convenient, this centralized service goes against the web3 spirit, so the eth.limo gateway was created as a decentralized alternative.

The eth.limo gateway operates as a DAO and lets anyone run a node. The rules and actions of the organization are encoded in a smart contract and must pass a minimum quorum from the DAO members for actions to be taken. Gateway servers (nodes) are spread across many different owners, so no single entity, like Cloudflare, is in control. During the conference, users could access our scoreboard by browsing to nftctf.eth.limo.

IPFS

IPFS is a decentralized filesystem. Users can upload individual files, strings, or even a static website. IPFS will generate a hash (CID) for the content that is uploaded. This means that if two people upload the exact same content to IPFS, an identical hash will be generated. If the content were to change, then the hash would also change — IPFS guarantees that the content corresponding to a CID is not manipulated in any way. This did not quite fit our use case, since we wanted the ability to change our leaderboard website code without having to update the address our ENS name points to. This is where IPNS comes into play.

IPNS

IPNS provides IPFS addresses that can be updated. An IPNS name is the hash of a public key. The name is associated with a record that is signed by the corresponding private key. The record contains information about the corresponding IPFS CID (which, remember, is content-based). New records can be created and signed with the private key at any time. We set nftctf.eth to resolve to an IPNS name, which allowed us to change the underlying record whenever we updated the website.
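
The integrity checks behind the IPFS and IPNS descriptions above, as an added example that is not part of the original post or Arbitrary Execution's code: a simplified Node.js model in which a content ID is a SHA-256 digest and a name is the hash of an Ed25519 public key. The record layout, function names, and sample pages are assumptions made for illustration; real CIDs and IPNS records use multihash and protobuf encodings.

```javascript
// Simplified model of IPFS content addressing and IPNS records (illustrative,
// not the real wire formats). All function names here are hypothetical.
const nodeCrypto = require('crypto');

const sha256hex = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// Content address: a digest of the bytes, so identical content gives an identical id.
const cidOf = (content) => sha256hex(Buffer.from(content));

// IPNS-style name: hash of the publisher's public key (DER-encoded here).
const nameOf = (publicKey) => sha256hex(publicKey.export({ type: 'spki', format: 'der' }));

// Publisher side: sign (cid, sequence) with the private key.
const payloadOf = (cid, sequence) => Buffer.from(JSON.stringify({ cid, sequence }));
function publish(privateKey, cid, sequence) {
  return { cid, sequence, signature: nodeCrypto.sign(null, payloadOf(cid, sequence), privateKey) };
}

// Resolver side: accept a record only if the key hashes to the name, the
// signature verifies, and the sequence is newer than the last one accepted.
function resolve(name, publicKey, record, lastSeq = -1) {
  if (nameOf(publicKey) !== name) return { ok: false, reason: 'key does not match name' };
  const payload = payloadOf(record.cid, record.sequence);
  if (!nodeCrypto.verify(null, payload, publicKey, record.signature))
    return { ok: false, reason: 'bad signature' };
  if (record.sequence <= lastSeq) return { ok: false, reason: 'stale record' };
  return { ok: true, cid: record.cid };
}

// Fetch side: content returned for a CID must hash back to that CID.
const verifyContent = (cid, content) => cidOf(content) === cid;

// Constructed sample data: two versions of a leaderboard page and a second key pair.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519');
  const name = nameOf(publicKey);
  const v1 = '<h1>Leaderboard v1</h1>', v2 = '<h1>Leaderboard v2</h1>';
  const r1 = publish(privateKey, cidOf(v1), 1);
  const r2 = publish(privateKey, cidOf(v2), 2);
  const forged = publish(other.privateKey, cidOf('<h1>other</h1>'), 3);
  return {
    first: resolve(name, publicKey, r1),             // accepted
    updated: resolve(name, publicKey, r2, 1),        // same name, new CID
    rollback: resolve(name, publicKey, r1, 2),       // old record replayed
    forged: resolve(name, publicKey, forged, 2),     // signed by a different key
    wrongKey: resolve(name, other.publicKey, forged, 2),
    tampered: verifyContent(r2.cid, v1),             // wrong bytes served for a CID
    intact: verifyContent(r2.cid, v2),
  };
}
```

The name stays fixed across both records while the CID it points to changes, which is the property that let the ENS entry remain untouched between website updates.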

With the use of IPFS, IPNS, and ENS, we were able to deploy the leaderboard without our own infrastructure. At AE, we eat our own dogfood and embrace decentralized tech whenever we can.

Guest Speaker 🗣️

Our engineer Darian Chan presented at the conference. In his talk, “Hacking Smart Contracts With Mainnet Forking”, he showed attendees how to use Hardhat to recreate the Parity Multisig Hack. The slide deck can be found in our publications repository.

Arbitrary Execution is proud to partner with Off The Chain Conference, and advocate for security in the web3 space. If you or your team are interested in a security partnership, audit, or research and development, please reach out via our contacts page or email us directly at info@arbitraryexecution.com.
