M4sk’s Blog

cosmos生态 https://github.com/cosmos/cosmos-sdk https://docs.cosmos.network/v0.50/learn/intro/overview https://tutorials.cosmos.network/ https://tutorials.cosmos.network/hands-on-exercise/0-native/1-preparation.html 应用链 专用于特定应用的区块链（Application-specific blockchain），也叫应用链（Appchain）， 是指专为运营某一个特定应用而设计的区块链，与之对应的为多个应用共同运行而设计的公共区块链。 vuln «解析我挖到的Ethermint链任意代币增发0day» https://www.iczc.me/post/ethermint-cve-2021-25837/ https://www.youtube.com/watch?v=icK07IuX4po Terra 区块链成为利用 Cosmos 链漏洞的恶意攻击的目标，导致未经授权提取价值约 400 万美元的资产。 Terra 链因紧急升级而暂停。似乎有人利用 IBC 漏洞在 Terra 链上铸造多个代币，包括 ASTRO. 这个漏洞在今年 4 月已经披露，属于是 cosmos 基础库中的漏洞，但 Terra 没有修复。 尽管该问题自 4 月起就已为公众所知，但 2024 年 6 月在 Terra 2.0 上安装的升级包忽略了这一点，从而为安全漏洞铺平了道路。 https://hackerone.com/cosmos?type=team 《Cosmos生态安全指南》 https://mp.weixin.qq.com/s/RFHGOZNKMYCJ6ntvCNokFQ https://indd.adobe.com/view/91035407-4f21-4383-9485-a56394d9f95f

https://2024.justctf.team/challenges 有三道blockchain题目，都是sui move的, 这些题目使用sui-ctf-framework进行部署，我觉得还挺有意思的. 以tos_docker.tar.gz这道签到题为例，分析下出题框架. 调用solve https://github.com/m4sk93/movectf/blob/b73a9ca26fd44b00e00eeca837ea2b481bf35c45/justctf2024/tos/sources/framework/src/main.rs#L162-L187 准备参数时，需要获取一些ObjectID // Prepare Function Call Arguments let mut args_solve: Vec<SuiValue> = Vec::new(); let spellbook = SuiValue::Object(FakeID::Enumerated(2, 0), None); args_solve.push(spellbook.clone()); let type_args_solve: Vec<TypeTag> = Vec::new(); // Call solve Function let ret_val = match sui_ctf_framework::call_function( &mut adapter, sol_addr, "solve", "solve", args_solve, type_args_solve, Some("solver".to_string()), ).await { Ok(output) => output, Err(e) => { let _ = adapter.cleanup_resources().await; println!("[SERVER] error: {e}"); return Err("error during call to solve::solve".into()) } }; println!...

考察闪电贷 题目源码 https://github.com/movebit/movectf2024-day1/tree/main/swap 环境搭建 部署后，先调用初始化函数 #!/bin/bash PackageID=0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a minta=0x5bc9a9a9ed82b9a0de90b6ec3926b162db1a5149937e88fb9c5e49e700d8cde9 #ObjectType: 0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a::ctfa::MintA<0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a::ctfa::CTFA> a_type='0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a::ctfa::CTFA' mintb=0xb6bfd99e4341eaa3e630982750bcd4b75b1cd9d86dbeac46a83b84731bb15fb9 #ObjectType: 0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a::ctfb::MintB<0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a::ctfb::CTFB> b_type='0x2d1ee80d8152a1b3f941c915748a680a1467dcdffe3f261527b190deddf8e48a::ctfb::CTFB' sui client call --package $PackageID \ --module vault \ --function initialize \ --type-args $a_type $b_type \ --args $minta $mintb \ # public entry fun initialize<A,B>(capa: MintA<A>, capb: MintB<B>,ctx: &mut TxContext) { # let vault = Vault<A, B> { # id: object::new(ctx), # coin_a: coin::into_balance(ctfa::mint_for_vault(capa, ctx)), # coin_b: coin::into_balance(ctfb::mint_for_vault(capb, ctx)), # flashed: false # }; # transfer::share_object(vault); # } 初始化操作会给vault 100个coinA和100个coinB,给sender 10个coinA和10个coinB...

原题目在https://github.com/movebit/movectf-4/blob/master/sources/module.move 考察闪电贷 由于Move2024有些变化，我对源码做了微调https://github.com/m4sk93/movectf/tree/main/movectf2022/flashloan 环境搭建 参考MoveCTF2022 Checkin部署题目后， 为了后续调用方便，在配置文件中添加package ID [package] name = "movectf2022_flashloan" edition = "2024.beta" # edition = "legacy" to use legacy (pre-2024) Move # license = "" # e.g., "MIT", "GPL", "Apache 2.0" # authors = ["..."] # e.g., ["Joe Smith (joesmith@noemail.com)", "John Snow (johnsnow@noemail.com)"] published-at = "0x2a61d471519b8e85a7730bebcfc3c5cace6ffffb2f5576d593821422d514adc2" # package id [dependencies] Sui = { git = "https://github.com/MystenLabs/sui.git", subdir = "crates/sui-framework/packages/sui-framework", rev = "framework/testnet" } [addresses] #movectf2022_flashloan = "0x0" movectf2022_flashloan = "0x2a61d471519b8e85a7730bebcfc3c5cace6ffffb2f5576d593821422d514adc2" # package id 编写exp 为了调用题目，在配置文件中添加依赖...

本文通过MoveCTF2022的签到题，介绍Sui基本的发布、测试方法。 Sui开发环境搭建请参考 使用VPS从0搭建Sui开发环境 原题目在https://github.com/movebit/movectf-1/blob/master/sources/module.move 搭建题目环境 在testnet搭建 由于Move2024版本的变化，调整了下源码 test@VM-0-7-debian:~$ sui client switch --env testnet Active environment switched to [testnet] test@VM-0-7-debian:~$ sui move new movectf2022_checkin test@VM-0-7-debian:~$ cd movectf2022_checkin/ test@VM-0-7-debian:~/movectf2022_checkin$ ls Move.toml sources tests test@VM-0-7-debian:~/movectf2022_checkin$ cd sources/ test@VM-0-7-debian:~/movectf2022_checkin/sources$ ls movectf2022_checkin.move test@VM-0-7-debian:~/movectf2022_checkin/sources$ vim movectf2022_checkin.move test@VM-0-7-debian:~/movectf2022_checkin/sources$ cat movectf2022_checkin.move /// Module: movectf2022_checkin module movectf2022_checkin::movectf2022_checkin { use sui::event; use sui::tx_context::{Self, TxContext}; ///Visibility annotations are required on struct declarations from the Move 2024 edition onwards. ///struct Flag has copy, drop { public struct Flag has copy, drop { user: address, flag: bool } public entry fun get_flag(ctx: &mut TxContext) { event::emit(Flag { user: tx_context::sender(ctx), flag: true }) } } test@VM-0-7-debian:~/movectf2022_checkin$ sui move build ....