Mr Steal Yo Crypto — Jpeg Sniper

This is the #1 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Jpeg Sniper Hopegs the NFT marketplace is launching the hyped NFT collection BOOTY soon. They have a wrapper contract: FlatLaunchpeg, which handles the public sale mint for the collection. Your task is to bypass their safeguards and max mint the entire collection in a single tx. ...

July 22, 2023 · 4 min · 730 words · Bretzel

Mr Steal Yo Crypto — Safu Vault

This is the #2 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real-world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Safu Vault Safu Labs has just released their SafuVault, the ‘safest’ yield generating vault of all time, or so their twitter account says. Their SafuVault expects deposits of USDC and has already gotten 10,000 USDC from users. You know the drill, drain the funds (at least 90%). You start with 10,000 USDC. ...

July 22, 2023 · 3 min · 621 words · Bretzel

Mr Steal Yo Crypto — Free Lunch

This is the #4 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real-world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Free Lunch SafuSwap has just launched their sexy new UniswapV2 fork. It includes a SafuMakerV2 contract which is tasked with converting protocol trading fees to SAFU, its farm token, for later distribution to SAFU stakers. ...

July 22, 2023 · 6 min · 1083 words · Bretzel

Mr Steal Yo Crypto — Safu Wallet

This is the #5 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real-world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Safu Wallet After Safu Labs’ SafuVault product was exploited, they decided to start fresh and venture into the secure web3 tooling space — what could go wrong. ...

July 22, 2023 · 3 min · 479 words · Bretzel

Mr Steal Yo Crypto — Tasty Stake

This is the #6 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real-world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry. Tasty Stake [redacted] labs have released their TastyStaking contract, which allows you to stake STEAK in order to farm BUTTER tokens. ...

July 22, 2023 · 3 min · 444 words · Bretzel

Mr Steal Yo Crypto — Freebie

This is the #7 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real-world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Freebie There’s a staking contract RewardsAdvisor which accepts FARM tokens and mints an equivalent amount of xFARM. xFARM is used for governance and within [redacted]’s defi ecosystem. Your task is to drain 99.99%+ of the FARM tokens from this contract. ...

July 22, 2023 · 3 min · 500 words · Bretzel

Mr Steal Yo Crypto — Inflationary Net Worth

This is the #9 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real-world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Inflationary Net Worth There’s a MasterChef contract which accepts MULA tokens and mints MUNY as rewards to stakers. ...

July 22, 2023 · 4 min · 767 words · Bretzel

Mr Steal Yo Crypto — Governance Shenanigans

This is the #10 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Governance Shenanigans The NotSushiToken governance token contract has been launched, which was configured to determine who should be named the best sushi chef. Who wouldn’t want that clout? ...

July 22, 2023 · 4 min · 801 words · Bretzel

Mr Steal Yo Crypto — Bonding Curve

This is the #11 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real world exploits. Created by @0xToshii. I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry. Bonding Curve [Redacted] have released two token contracts for their upcoming game: EMN & TOKEN, which allow you to mint based on their respective bonding curves. ...

July 22, 2023 · 4 min · 845 words · Bretzel

Mr Steal Yo Crypto — Flash Loaner

This is the #12 challenge of Mr Steal Yo Crypto. I will try to explain how to find the vulnerability. A set of challenges to learn offensive security of smart contracts. Featuring interesting challenges loosely (or directly) inspired by real world exploits. Created by @0xToshii I used the foundry version for this CTF: mr-steal-yo-crypto-ctf-foundry Flash Loaner No defi functionality has safeguarded crypto more from exploits than the humble flash loan. ...

July 22, 2023 · 4 min · 797 words · Bretzel