PumpkingWok
CTFGym
Solidity

List of CTF related to Ethereum world (solidity smart contracts)

Last updated Dec 27, 2025
121
Stars
8
Forks
0
Issues
0
Stars/day
Attention Score
44
Language breakdown
Solidity 100.0%
Files click to expand
README

List of CTF in Ethereum world

I'd like to maintain a list of ctf related to solidity smart contracts. (both testnet and mainnet) You have to install Metamask plug-in in your browser.

CTF in Ropsten

- Original contracts - PART1 - FunctionTypes - PART2 - SafeExecution - PART3 - HoneyPot - PART4 - FinePrint
  • CTF developed by Reddit user u/eththrowaway4 (Deployed on Jul-02-2018)
- Original contract - 0x0dAabcE0a1261B582e0d949EbCA9DFf4c22C88ef

CTF in Mainnet

  • CTF developed by pvienhage (Deployed on Nov-29-2018)
- Original contracts - 0x7cd03C9f1D2dc95358B1992e9afc857aeaab45D5 (0.25 ether, GONE) Source Code - 0x8bd25c23d1d01e3216f3410146153f14775dbb6f (0.5 ether, GONE) - 0xf278b6fcbc091640082475d36db19da5123da79e (1 ether, GONE) - Walkthrough by author
  • CTF developed by p4d (Deployed on Dec-07-2018)
- Original contract - 0x661a64DcC2f04117D0F8A919E2aC66aF8d401d6 (1 ether, GONE) - Source Code (Bot stole the prize) - Safe Version (Use of OneTimeToken)
  • CTF developed by ConsenSys Diligence (Deployed on Feb-26-2019) (The first of a series)
- Announcement - Original contract - 0x68Cb858247ef5c4A0D0Cde9d6F68Dce93e49c02A (GONE, resolved by @samczsun) - Solution writeup written by samczsun (200 DAI bounty reward)

LOCAL CTF

  • DamnVulnerableDeFi
- Website - Repo
  • Paradigm CTF 2021
- Repo
  • Paradigm CTF 2022 (TBA)
- Website

CTF-BOT Resistant

I developed a simple utility contract, OneTimeToken (OTT), for mitigate the issue regard CTF and every contracts where a malicious user or bot could listen on blockchain and wait to find useful info, for instante to discover the input parameters needed to call functions for winning a CTF and create the same transaction with higher gas fees.

The contract OneTimeToken.sol is similar to Ownable.sol developed by OpenZeppelin, but it includes the way to request a token access for a fixed time (15 minutes by default), it also can be changed by contract owner. In this way only the owner of token access can do some sensitive function calls until the token access expired and someone else request it.

Implementation

pragma solidity ^0.5.0;
import 'https://github.com/PumpkingWok/CTFGym/contracts/OneTimeToken.sol';
contract CTF is OneTimeToken {
  function resolveCTF(solution) onlyTokenOwner {
  }
}
Every ctf creator, for instance, could use it in easy way only including ´onlyTokenOwner´ in sensitive functions.

The user that find the solution to the challenge, can call resolveCTF(solution) in safe mode having token access (requestTokenOwner() in OTT).

Resources

Contribute

You feel free to collaborate in any way, it would be much appreciated.

© 2026 GitRepoTrend · PumpkingWok/CTFGym · Updated daily from GitHub