Ethernaut category

I’ve started working already :writing_hand:
I will be posting soon!

2 Likes

Hi! I’d be interested in helping create the official walkthroughs. I was planning on creating videos for each challenge. Maybe a write-up.

But I’m having issues setting up Truffle for later levels. So that might be where I will start helping out here. I’d like to know what would be helpful for newcomers too.

3 Likes

Great! The only walkthroughs I’ve seen are the ‘Nicole Zhu series’. They are a lot of help, but they could be greatly improved on. The video walkthroughs idea is awesome, I believe there is none at the moment.

The things that would have been useful for me at the start are:

  • How to interact with the deployed contracts.
    • function calling and interfaces
  • Remix set up, compiler versions, specifications of solc 0.4.18 syntax.
  • Gas, mention the need to increase the limit in certain functions.
  • How to debug your contracts.

For beginners, I believe it is not enough to provide only the code with the solution but to show how the exploit unfolds through every transaction.

Please let me know if you need any help!

3 Likes

Love this idea of using Ethernaut to lower the learning curve, as it is the main entry point for many people willing to join Ethereum. That was the case for me too, and now I ended up at Zeppelin myself doing security audits :laughing: I even did some write ups when I started (https://notonlyowner.com), where the idea was to teach Solidity by breaking the contracts in Ethernaut. You guys might find them useful to write your own.

I’m hesitant about having “official” write ups though; everybody takes a different approach in learning and there is no right or wrong. Having official write ups might give this idea that there is a “right” way of passing the challenges in Ethernaut. Of course the solution is just one, but for me Ethernaut was never about passing the challenges but just learning and having fun exploring how to break them.

4 Likes

Your issues are pretty much the same ones as mine. The later levels don’t warn you of much at all. They should at least prepare you.

I would like your help on creating footnotes. And the Remix setup. Or we can work on a Truffle setup. I was busy last week, but I can chat with anyone to talk about how to proceed from here. Telegram? Slack is fine too.

What about guides that promote certain concepts then? While I agree that we shouldn’t focus on “one solution”.

There are too many resources and imagine a newcomer coming to this, in my case (a security engineer) knowing nothing about Ethereum and wanted to do audits. And then you found this game. I thought since it was browser-based you would have everything needed to do the challenges.

To be honest, the game scared me away. I was having a lot of fun until I had to break the immersion in my game browser tab.

As usual, I began googling and got myself deep in the mud of tutorials and the sheer amount of information (Which is fine since you are expected to as a software engineer/security engineer). But wow, what a mess you’ll find yourself. Even with experience.

For example, I thought the game would reach to a point where it teaches you how to exploit a contract using another contract FIRST before trying to give other similar challenges. Oh boy, nope. You are not taught that. The moment that you realized you need X, Y, and Z. People will stop caring about security. Usually, only the strong willed do well in cases like this.

I think the game misses an entire group of audience: which is the everyday programmer. They would benefit the most. They shouldn’t be expected to google everything off the bat to learn security concepts. By then, they already did 6 tutorials and built 6-7 things before coming back to this game. Then they don’t get the satisfaction of completing the challenge. By then, they’ll be too bitter or at least disappointed when they see that the challenge was about a simple thing anyway.

External tools are required too early or without any warning. If the Ethernaut game was designed to teach Solidity security. Then it’s failing hard. It just teaches you to be great at Googling and too tired to actually setup things for the challenge.

The game should teach things such as:

  1. How to run contracts in remix before giving a challenge that benefits from running remix.
  2. How to detect when gas limits are too little.
  3. How to run two contracts.
    …and so on.

Ideally in a game like this, you want a lot of hints early on, but less later on. And a certain amount of Googling to make it fun, etc…

That’s where I am with everything. I was very interested in this game until the issues I mentioned. Right now, you would be better off learning everything alone and making your own challenges and tests, then trying to make this game work. A lot less stress too.

2 Likes

With that said,

I will be willing to help fix some issues. Just need feedback :slight_smile:

I’m deciding how to begin. A good discussion is needed on where we want to take this game.

:heart:

This is great insight, thanks for sharing it. I think your views are really valuable and should be taken into account while writing the content. I like the idea of having a “resources center” for players to have a place to find help.

I also share @tinchoabbate’s concern on having “real” answers. If anything, we could brand them as Community walkthroughs instead.

1 Like

@redragonx: I agree with @martriay , these are great insights.

Ethernaut was not designed to teach security or smart contracts. It was just intended to be a fun thing for Devcon 3 (and it was!), and a playground for medium to advanced security researchers and developers to send each other challenges. If it starts easy, it is because the player needs to learn how to use the game, but the player is expected to know about Ethereum and security. Challenge sharing never really happened because the overhead of creating new levels is just too high.

Anyway, I agree that an unexpected thing that happened afterwards was that people approached Ethernaut for education, which is wonderful. But, as you say, it has a lot of holes in that regard.

Your insights make me think if the community would appreciate something similar to Ethernaut (or a version of it) that focuses exclusively on education.

2 Likes

Ah, see. If that was clear from the start. That would explain a lot. As it was explained to me as a CTF. And it confused me on what it was trying to do.

It would be badass if the game turned into a bug finding platform to share ideas and security patterns. That would get a lot of attention. With mini tools helping you in the browser.

“The ultimate playground for medium to advanced security researchers and developers to send each other challenges.”

Then we should think about new ways to educate people. :smiley:

I was informed to try Ethernaut as my way of introduction to the Zeppelin team. That was my reason to use it and seeing what it was about.

I’ve gone through some of your posts, they are great, thanks!

Not only the actual community but as @redragonx said, also the everyday programmer. Having beginners use Ethernaut will cause Zeppelin to grow as a brand.

There is no need to change the original objective of the project, it could easily be adapted to be an educational tool. Which it unintentionally became, it only needs to be a little more gentle on the learning curve. Some small changes could help.

  1. Order levels on growing difficulty
  2. Adding the resources we talked about to the help tab in ethernaut.

This could very easily be done, it seems like a good place to start.

@scammi yes definitely! Thanks again for this valuable feedback. We will talk about it with the team and consider your suggestions.

1 Like

Let me know what you decide! I’ll help in any way I can.

1 Like

Any news on this? :smiley:

Hi! yes.

  1. I reviewed the “Add support for other languages” PR, I haven’t heard anything back, so I sent an email, if it does not respond I will do the changes myself.
  2. I’ve started a new thread category on the changes proposed to the help tab.
  3. I’ve made some notes on the initial levels, but they are not nearly ready and @tinchoabbate’s are much better anyways.

2 Likes

:rocket::rocket::rocket::rocket::rocket::rocket:

Maybe we can have a collection of solutions instead of a single “community suggested” solution, and include @tinchoabbate’s as well as the ‘Nicole Zhu series’. Then, we can identify the levels without a proper walkthrough and write those.

Yes this is great, very simple, gather curated resources from the community. Where would you place them? Here at the forum, or rather at the Ethernaut page?

I would start in the forum and see what happens :slight_smile:

I agree. I’ve compiled what I thought to be the best; were you thinking of a sticky in the Ethernaut category?

Video walk-through:

Status - Smart Contract Vulnerabilities: Ethernuats
Tim Holmes Mitra - Ethernaut Challenges playlist
David Wong - Ethernaut CTF walkthrough

Tinchoabbate walkthrough

Notonlyowner

Nicole Zhu series

Lvl 1 Fallback function
Lvl 2 Fallout
Lvl 3 Coin Flip
Lvl 4 Telephone
Lvl 5 Token
Lvl 6 Delegation
Lvl 7 Force
Lvl 8 Vault
Lvl 9 King
Lvl 10 Re-entrancy
Lvl 11 Elevator
Lvl 12 Privacy
Lvl 13 Gatekeeper 1
Lvl 14 Gatekeeper 2
Lvl 15 Naught Coin
Lvl 16 Preservation
Lvl 17 Locked
Lvl 18 Recovery
Lvl 19 MagicNumber

Igor Yalovoy

Ethernaut Alien Codex Solution

Tsauvajon

GitHub .md guide

1 Like