Logo of this course

Escape @zachxbt and @samczsun


Your first challenge is to escape the on-chain investigatooors. You've probably seen Twitter threads of @zachxbt and @samzcsun exposing a hack or finding a security vulnerability in a contract.

How are they so good at uncovering such on-chain mysteries? What extraordinary tools do they use? Actually, there are no fancy tools. All they use is Etherscan. You just need to know how to use it correctly. All data is public on Etherscan so you can deduce what a transaction/contract is doing (even if the contract has not been verified). You just need to know where to look…

In this CTF, we are going to make the on-chain investigatoor’s job really hard by obfuscating our transactions.

Here is what you will learn by the end of this CTF:

  • How to interact with an unverified contract (without having access to its ABI)
  • Understand what a contract is doing by reading its bytecode
  • How to obfuscate your transactions from Etherscan (and other prying eyes)

Isn't this magic?

Calling an unverified contract

Reading bytecode

Building custom ABI

Prove your knowledge on-chain