Using contracts to store data efficiently

Reverse engineer a profitable MEV strategy

Understanding the "why" of various gas optimizations

What types of flows consume the most gas?

Grokking proxies & clones using just 2 opcodes

Interesting CREATE2 use cases

The CTF that will make you write Yul and Huff

Bend Ethereum bytecode to your will

Anonymize your transactions to escape the on-chain investigatoors.

Escape @zachxbt and @samczsun

Your first challenge is to escape the on-chain investigatooors. You've probably seen Twitter threads of 

 exposing a hack or finding a security vulnerability in a contract.

How are they so good at uncovering such on-chain mysteries? What extraordinary tools do they use? Actually, there are no fancy tools. All they use is Etherscan. You just need to know how to use it correctly. All data is public on Etherscan so you can deduce what a transaction/contract is doing (even if the contract has not been verified). You just need to know where to look…

In this CTF, we are going to make the on-chain investigatoor’s job really hard by obfuscating our transactions.

Here is what you will learn by the end of this CTF:

How to interact with an unverified contract (without having access to its ABI)

Understand what a contract is doing by reading its bytecode

How to obfuscate your transactions from Etherscan (and other prying eyes)

. You can see that Etherscan was able to deduce what function was called (and its parameters) even if the contract itself is unverified.

How is Etherscan able to do that? The answer lies in transaction data, aka 

There is an unverified contract on mainnet: 

You suspect that this contract might have this function:

Your task is to call this contract to confirm your intuition. What does 

You need to construct calldata for calling 

 and paste that into the TODO below. You can use the following code to interact with the contract programmatically. (to edit the code you will need to open it on Replit and fork it or copy it to your local machine).

 in order to know how to construct the right calldata.

 function. Find other transaction calls to the same function (in the same contract) and try to compare their calldata. A few other examples: 

and remember, the answer lies in transaction data, aka 

 (gated by your address) for discussions. Or drop by during office hours which I hold a couple of times a week (the schedule is in Discord).

Escape @zachxbt and @samczsun

Calling an unverified contract

Reading bytecode

Building custom ABI

Prove your knowledge on-chain