
blockchain-security

Smart contract security testing and blockchain CTF exploitation. Covers Solidity vulnerability analysis, EVM storage manipulation, delegatecall attacks, CREATE/CREATE2 address prediction, and common DeFi exploit patterns. Use when analyzing Solidity contracts, solving blockchain challenges, or testing smart contract security.
26zl/cybersec-toolkit · ★ 11 · AI & Automation · score 79
Install: claude install-skill 26zl/cybersec-toolkit
# Blockchain Security

## Quick Start

1. Download and decompile contracts (source or bytecode)
2. Map storage layout and identify privileged operations
3. Check for delegatecall, CREATE address prediction, reentrancy, access control
4. Deploy exploit contracts via web3.py or cast/forge
5. Verify win condition (isSolved/flag endpoint)

## HTB Blockchain Challenge Pattern

```bash
# Get connection info
curl http://$HOST:$PORT/connection_info
# -> PrivateKey, Address, TargetAddress, setupAddress

# RPC endpoint
RPC_URL="http://$HOST:$PORT/rpc"

# Win condition: Setup.isSolved() must return true
```

## Key Attack Vectors

### 1. Delegatecall Storage Manipulation

When contract A does `delegatecall` to contract B, B's code runs with A's storage.

- Deploy exploit contract that mirrors A's storage layout
- Exploit contract writes to A's storage slots via delegatecall
- **Critical**: Storage layout must match exactly (same slot ordering)
- See [reference/delegatecall-attacks.md](reference/delegatecall-attacks.md)

### 2. CREATE Address Prediction (Nonce Manipulation)

Contract addresses from CREATE are deterministic: `keccak256(rlp([sender, nonce]))[12:]`

- Brute-force nonce to find which nonce produces target address
- Send dummy transactions (self-transfers) to increment nonce
- Deploy exploit contract at the exact nonce that hits target address
- See [reference/create-address-prediction.md](reference/create-address-prediction.md)

### 3. Storage Layout & Slot Computation

- Mappings: