Skip to content

Latest commit

 

History

History

04-nft

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.cargo
.cargo
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 

README.md

Awesomwasm 2023 CTF - Challenge 08: Gjallarhorn

This is a clone of Challenge 08: Gjallarhorn with the bonus solution submitted by @baoskee.

Purpose

Open marketplace for an NFT project. Users can sell their own NFTs at any price or allow others to offer different NFTs in exchange to trade.

Execute entry points:

pub enum ExecuteMsg {
    BuyNFT {
        id: String,
    },
    NewSale {
        id: String,
        price: Uint128,
        tradable: bool,
    },
    CancelSale {
        id: String,
    },
    NewTrade {
        target: String,
        offered: String,
    },
    AcceptTrade {
        id: String,
        trader: String,
    },
    CancelTrade {
        id: String,
    },
}

Please check the challenge's integration_tests for expected usage examples. You can use these tests as a base to create your exploit Proof of Concept.

🏠 Base scenario:

  • The contract is newly instantiated.
  • USER1 and USER2 placed new sales of their NFTs, one of them is open for trades and the other does not.

⭐ Goal for the challenge:

  • Demonstrate how a user can retrieve other users' NFT for free.

❗ The usage of cw-multi-test is mandatory for the PoC, please take the approach of the provided integration tests as a suggestion.

❗ Remember that insider threats and centralization concerns are out of the scope of the CTF.