npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hardhat-ctf

v0.0.6

Published

Hardhat plugin for building solidity capture the flag (CTF) challenges.

Downloads

2

Readme

hardhat-ctf

Hardhat plugin for building solidity capture the flag (CTF) challenges.

What

This is a framework to implement a solidity CTF challenge.

Check the example folder for a sample challenge built using this plugin.

This plugin can be helpful when you:

  1. Don't want the flag to be available in the contract source code / bytecode.
  2. Want people to solve it in a competitive CTF environment where they get points for flags.
  3. Don't want people to be able to cheat by querying the RPC node for other people's transactions.
  4. Want to deploy the RPC server in a scalable stateless way in order to mitigate porential DDOS attacks.
  5. Want to provide a clean execution environment each time trying to solve the challenge (can be important when dealing with nonces or deploying contracts to specific addresses).

It achieves it by creating a temporary Hardhat Network for each websocket connection, initializing the challenge contracts, and allows the challenge author to hook into the RPC responses in order to inject the flag without it being on-chain.

Installation

npm install hardhat-ctf

Import the plugin in your hardhat.config.js:

require("hardhat-ctf");

Or if you are using TypeScript, in your hardhat.config.ts:

import "hardhat-ctf";

Tasks

This plugin provides the ctf-node task, which allows you run a websocket hardhat network that creates a temporary hardhat network for each websocket connection, and can hook into the RPC responses to inject the flag.

This plugin provides the ctf-try task, which allows you to try and solve the challenge. Once you solved it locally, you can run the ctf-try task with the --submit flag to send the solution to the remote CTF node in order to obtain the real flag.

Configuration

This plugin extends the HardhatUserConfig object with ctfResponseHook and ctfRemoteNode fields.

The ctfResponseHook field is only relevant for the npx hardhat ctf-node task, while the ctfRemoteNode is only relevant for the npx hardhat ctf-try --submit task.

This is an example of how to set it:

import { ethers } from "ethers";
import { EthereumProvider, JsonRpcRequest } from "hardhat/types";
import { JsonRpcResponse, SuccessfulJsonRpcResponse } from "hardhat/internal/util/jsonrpc";

const config: HardhatUserConfig = {
  solidity: "0.8.4",
  ctfRemoteNode: "ws://ctf.example.com:8545",
  ctfResponseHook: async (provider: EthereumProvider, rpcReq: JsonRpcRequest, rpcResp: JsonRpcResponse) => {
    if (
      rpcReq.method === "eth_call"
      && rpcReq?.params?.[0]?.to == "0x5fbdb2315678afecb367f032d93f642f64180aa3"
      && (rpcReq?.params?.[0]?.data || '').startsWith('0x95fdc999')
      && (rpcResp as SuccessfulJsonRpcResponse).result == ethers.utils.defaultAbiCoder.encode(["string"], ["CTF{mock_flag}"])
    ) {
      (rpcResp as SuccessfulJsonRpcResponse).result = ethers.utils.defaultAbiCoder.encode(["string"], [process.env.CTF_FLAG ?? "Use the CTF_FLAG environment variable when running 'npx hardhat ctf-node'"]);
    }
    return rpcResp
  },
};

Usage

Check out the example folder for an example project using this plugin to create a CTF challenge.

On the server running the CTF node which validates solutions and gives the flag to succesful contestants, run:

npx hardhat ctf-node

Then, edit the hardhat.config.ts file to point the config's ctfRemoteNode field to your server running ctf-node, and give the folder to anyone who wants to try solving the challenge.