This contest is dedicated to finding vulnerabilities in smart-contracts. To be able to participate you need to have a couple of TON, know how to compose arbitrary cells (via fift/tonweb/ton3/ton(whales)/tongo/pytonlib), know how to compose internal messages and send messages to the network. It will be useful to know how to read tl-b notation.
Each contract contains major flow which allows to bypass intended logic and stole all funds.
There will two stages of the contest:
- The first 5 contracts are revealed at the same time to hack. After all smart contracts of the first stage will be hacked, there will be a 15-minute break.
- The last 3 contracts will be revealed one by one: once a contract is hacked, there will be a 15-minute break and the address and info of the next smart contract will be revealed.
For almost all contracts their funC code will be available on reveal. Some, however, will be closed sourced: you will need to disassemble them via tonwhales.com / tonscan.org / dton.io / ton.cx
| Task | Address |
|---|---|
| 1. Mutual funds | EQBuOFgr-R0W6-guv3B1D2bkiqWu1o5YsUMqjgqVuI3V1ETo |
| 2. Bank | EQAcUZubVYakkC5IiW1k9sFroNSfCfXYIgp5t5ba0w-CtBoq |
| 3. DAO | EQAio2xuMYJqJZlXG4e1TeKpeWn976tcZTXybVKVIuphuoVy |
| 4. Lottery | EQAb7oOzKXG31RD6Ob9O4tEbVebY2zJo5ARggkf-mWSyQb4M |
| 5. Wallet | EQBe9ZblcnkpGklcpQni_O4Y1_YD-80FSTxF9kd8R53L2hIi |
| Task | Address |
|---|---|
| 6. Vault | EQB7QOtPKxZjgo6jDGTk9ZSvgkgZb8wys1-ptFZB2TXC3V3p |
| 7. Better bank | EQD9XPtwX7jn4gSQCchnb9zxpLfxfANes7EkHlWigzi_BHAI |
| 8. Dehasher | EQD3BByx0Af1jU-9dKIoK4hX0v4wDQD3sxd-i8jvVJtIrTr9 |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent