Ethernaut category

Continuing the discussion from Leave feedback here!, where @scammi said:

That's a fantastic idea! I'm in.

To me, as a general rule (although YMMV) github issues are for bug reports and pull requests, while this forum is more suited for discussions like level ideas, walkthroughs and development.

I'd like to summon here @ajsantander (Ethernaut creator and overlord) and @gorlitzer, who had a similar idea, although I think his was more oriented to smart contract security and vulnerabilities.

3 Likes

Hey people! Yup. Definitely. Ethernaut has been needing some love from the community lately, so let's do it!

2 Likes

Sounds good to me! A place for walkthroughs and general discussion would be great!

I know you guys have plenty of work already, if I could help in any way I would be glad.

2 Likes

Thank you so much for the offer! We'll be sure to reach out if needed :slightly_smiling_face:

1 Like

Of course! Help is always welcome :heart:

How would you like to contribute? With the Ethernaut category, with the OSS projects (ZeppelinOS / OpenZeppelin), with the forum or the community in general? There's a lot of places :slight_smile:

1 Like

I would like to help on the Ethernaut category, I've been playing the game and taking notes, thinking about how to lessen the learning curve for beginners like me, so to widen the audience. Things like how to interact with contracts, reviewing concepts, making walkthroughs.

I would also enjoy contributing to the forum and the community in general, nothing in particular, but anything you guys may need.

And thank you for the forum and work, I've learned a lot through your blogs and studying how ZOs works.

4 Likes

Hey! Any help with Ethernaut would be greatly appreciated. We've been too busy lately to give it the attention and love it needs. If you'd like to help, I'd start by looking at the existing pull requests. Any help reviewing them would be great.

5 Likes

This is great! Do you have any ideas? Feel free to make a thread for them :slight_smile:

2 Likes

Great, I am looking at it, I will review the 'Add support for other languages' PR, since it seems almost done and of much value, could be used to attract Korean and Chinese users.

1. Visibility:

  • Add more exposure in pages. If you visit zeppelin.solutions main page or the forum and search for 'Ethernaut' there is no match. Many potential users could be gained.
  • Organize CTF Ethernaut like competitions for prizes

2. Accessibility: Lowering the learning curve

These are some ideas, what I will be doing for now is reviewing the pull request and finishing the Ethernaut! And thank you for your time.

1 Like

You're right, that's a key one.

I love this one!

:rocket:

Thank you! What you're doing is super valuable for the project :zap:

I suggest we create that content here in the forum to kickstart the newly created ethernaut category :smiley:

1 Like

I've started working already :writing_hand:
I will be posting soon!

2 Likes

Hi! I'd be interested in helping create the official walkthroughs. I was planning on creating videos for each challenge. Maybe a write-up.

But I'm having issues setting up Truffle for later levels. So that might be where I will start helping out here. I'd like to know what would be helpful for newcomers too.

3 Likes

Great! The only walkthroughs I've seen are the 'Nicole Zhu series'. They are a lot of help, but they could be greatly improved on. The video walkthroughs idea is awesome, I believe there is none at the moment.

The things that would have been useful for me at the start are:

  • How to interact with the deployed contracts.
    • function calling and interfaces
  • Remix set up, compiler versions, specifications of solc 0.4.18 syntax.
  • Gas, mention the need to increase the limit in certain functions.
  • How to debug your contracts.

For beginners, I believe it is not enough to provide only the code with the solution but to show how the exploit unfolds through every transaction.

Please let me know if you need any help!

3 Likes

Love this idea of using Ethernaut to lower the learning curve, as it is the main entry point for many people willing to join Ethereum. That was the case for me too, and now I ended up at Zeppelin myself doing security audits :laughing: I even did some write ups when I started (https://notonlyowner.com), where the idea was to teach Solidity by breaking the contracts in Ethernaut. You guys might find them useful to write your own.

I'm hesitant about having "official" write ups though; everybody takes a different approach in learning and there is no right or wrong. Having official write ups might give this idea that there is a "right" way of passing the challenges in Ethernaut. Of course the solution is just one, but for me Ethernaut was never about passing the challenges but just learning and having fun exploring how to break them.

4 Likes

Your issues are pretty much the same ones as mine. The later levels don't warn you of much at all. They should at least prepare you.

I would like your help on creating footnotes. And the Remix setup. Or we can work on a Truffle setup. I was busy last week, but I can chat with anyone to talk about how to proceed from here. Telegram? Slack is fine too.

What about guides that promote certain concepts then? While I agree that we shouldn't focus on "one solution".

There are too many resources and imagine a newcomer coming to this, in my case (a security engineer) knowing nothing about Ethereum and wanted to do audits. And then you found this game. I thought since it was browser-based you would have everything needed to do the challenges.

To be honest, the game scared me away. I was having a lot of fun until I had to break the immersion in my game browser tab.

As usual, I began googling and got myself deep in the mud of tutorials and the sheer amount of information (Which is fine since you are expected to as a software engineer/security engineer). But wow, what a mess you'll find yourself. Even with experience.

For example, I thought the game would reach to a point where it teaches you how to exploit a contract using another contract FIRST before trying to give other similar challenges. Oh boy, nope. You are not taught that. The moment that you realized you need X, Y, and Z. People will stop caring about security. Usually, only the strong willed do well in cases like this.

I think the game misses an entire group of audience: which is the everyday programmer. They would benefit the most. They shouldn't be expected to google everything off the bat to learn security concepts. By then, they already did 6 tutorials and built 6-7 things before coming back to this game. Then they don't get the satisfaction of completing the challenge. By then, they'll be too bitter or at least disappointed when they see that the challenge was about a simple thing anyway.

External tools are required too early or without any warning. If the Ethernaut game was designed to teach Solidity security. Then it's failing hard. It just teaches you to be great at Googling and too tired to actually setup things for the challenge.

The game should teach things such as:

  1. How to run contracts in remix before giving a challenge that benefits from running remix.
  2. How to detect when gas limits are too little.
  3. How to run two contracts.
    ...and so on.

Ideally in a game like this, you want a lot of hints early on, but less later on. And a certain amount of Googling to make it fun, etc...

That's where I am with everything. I was very interested in this game until the issues I mentioned. Right now, you would be better off learning everything alone and making your own challenges and tests, than trying to make this game work. A lot less stress too.

2 Likes

With that said,

I will be willing to help fix some issues. Just need feedback :slight_smile:

I'm deciding how to begin. A good discussion is needed on where we want to take this game.

:heart:

This is great insight, thanks for sharing it. I think your views are really valuable and should be taken into account while writing the content. I like the idea of having a "resources center" for players to have a place to find help.

I also share @tinchoabbate's concern on having "real" answers. If anything, we could brand them as Community walkthroughs instead.

1 Like

@redragonx: I agree with @martriay, these are great insights.

Ethernaut was not designed to teach security or smart contracts. It was just intended to be a fun thing for Devcon 3 (and it was!), and a playground for medium to advanced security researchers and developers to send each other challenges. If it starts easy, it is because the player needs to learn how to use the game, but the player is expected to know about Ethereum and security. Challenge sharing never really happened because the overhead of creating new levels is just too high.

Anyway, I agree that an unexpected thing that happened afterwards was that people approached Ethernaut for education, which is wonderful. But, as you say, it has a lot of holes in that regard.

Your insights make me think if the community would appreciate something similar to Ethernaut (or a version of it) that focuses exclusively on education.

2 Likes