Challenge Description This challenge, authored by @KLM, involves exploiting a vulnerability in a vyper smart contract that utilize a Cross-Function-Reentrancy due to a problem in the vyper version. This smart contract is made for a company to sell shares on the blockchain to help and ensure everything is secure, tracked and transparent. Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the insecure version of Vyper that desynchronise the values of the @nonreentrant("lock") between function in a contract and the bad execution flow management.

Challenge Description This challenge, authored by @Ethnical and @fadam, involves exploiting a vulnerability in a blockchain network server that processes incoming network messages. The vulnerability allows an attacker to cause a Denial of Service (DoS) by exhausting the server’s memory. Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the unchecked allocation of memory based on user-controlled input length, leading to potential memory exhaustion. Technical Analysis Vulnerability Details Unchecked Length Parameter:

Challenge Description This challenge, authored by @Elweth, involves exploiting a vulnerability in a SQL Query which lets you abuse the LIKE clause to first bypass authentication and then retrieve the entire API key. Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the SQL query, which remains vulnerable despite the use of the prepare statement system in Python. Conventional SQL injection exploitation methods won’t work here, because the query is correctly prepared with python.

Solution of the recruitment CTF of ComCyber during September 2024

Ever wanted to write (good) solution on Root-Me ? You are in the right place

Gregory Gille @1-vek, co-founder of Hyvilo and CEO of GEOIDE, Sponsor Specialist of Root-Me. Find out more about his career and his story with Root-Me!