Capture the Coin — Trivia Solutions
During Defcon 2019, we ran our first Blockchain Security competition — Capture the Coin. With Capture the Coin we focused on promoting blockchain security areas of cryptography, smart contracts, forensic analysis, malware, and more.
Coming in with the most solves, Trivia Challenges is the most popular part of Capture the Coin. By design, these introductory challenges share historical snippets of notable events on the blockchain. Let’s dive into the Trivia Challenges, their story and their solutions.
Challenge: What BTC address received the coinbase reward in block 1337?
In this challenge we took the opportunity to bridge hacker history with Bitcoin analysis. 1337 references early internet hacker culture, Leetspeak. In Leetspeak, leet translates to 1337. On the Bitcoin analysis side, this challenge introduces searching for transactions based on their attributes and position on the blockchain. Block 1337 defines the position of the block, known as its height. Coinbase rewards exist in coinbase transactions, the first transaction in the block (more on coinbase transactions).
To find the address that received the coinbase reward we use a BTC block explorer (Web UIs). You’ll search by block height and find the first transaction. Notice, the from field includes placeholder data instead of an address, this distinguishes the coinbase transaction from any other transaction.
The to field contains the miner’s address receiving the coinbase reward: 1EcSu4ucxUpMgbWerA8jwfre8FigEvoZ15.
Challenge: Input how many satoshis are in 1 Bitcoin
A satoshi represents the smallest unit of Bitcoin currency on the Blockchain, 0.00000001 BTC. Satoshi is named after the creator(s) of Bitcoin, Satoshi Nakamoto.
This challenge asks you to determine how many Satoshis are in 1 BTC. To find the answer, our formula looks like this: answer * 0.00000001 = 1. The input we are looking for is 100000000. Complete formula: 100000000 * 0.00000001 = 1.
Challenge: What is the most expensive opcode (mnemonic) in Ethereum EVM?
Ethereum Virtual Machines (EVMs) execute instructions known as opcodes. The opcodes come with a cost used to determine the gas amount. The gas exists to compensate miners for using their own CPU resources to run EVMs. The price per opcode lives in the Fee Schedule, Appendix G of the Ethereum Yellow paper. The opcode CREATE lists a price of 32000 WEI, making it the most expense.
Challenge: This bug caused the June 2016 DAO collapse
June 2016 marked the month of the DAO collapse, leading to the fork of Ethereum. DAO stands for Decentralized Autonomous Organization, its smart contract intended to serve as venture capital on the Ethereum Blockchain. With DAO, you could receive funding on your project. Preceding the collapse, DAO held over ~12M Ether worth ~$150M. A series of events led to the collapse of DAO. The first event, the reentrancy vulnerability, lead to a DAO security breach where an attacker leveraged the vulnerability to take DAO funds.
Reentrancy or recursive function call both work as answers to this challenge.
Challenge: What is the contract address for Dai stablecoin (v1.0)?
Ethereum makes it possible to deploy smart contracts. The smart contracts are held on the blockchain as transactions. Dai stablecoin is a smart contract deployed on Ethereum. For this challenge, we want you to find a Dai stablecoin’s contract address. A quick way to find the smart contract address is searching in a block explorer like Etherscan, you can see the top contracts listed, including DAI:
Once you click on DAI Stablecoin you’ll notice the contract address listed in the UI.
That’s it, Dai stablecoin’s smart contract address is 0x89d24a6b4ccb1b6faa2625fe562bdd9a23260359.
Challenge: What is the owner address for the following Ethereum contract: 0x0882477e7895bdC5cea7cB1552ed914aB157Fe56 ?
The concept of a privileged role is a notable feature unique to many Ethereum smart contracts. These roles, depending on their definitions, could perform highly privileged actions such as move money or create money to name a few. Privileged roles can be represented by an address or another smart contract. For this challenge, we wanted you to find the Contract Owner to the USDC smart contract address: 0x0882477e7895bdC5cea7cB1552ed914aB157Fe56. Finding that address on Etherscan shows the contract code, including privileged roles. As illustrated in the Etherscan contract page below, we see the Contract Owner address is 0x0d637d8d16e053c396c13386e8fe7e9667ec5c6f.
P2SH and SegWit
Challenge: What number do P2SH addresses start with?
Challenge: What prefix do SegWit Bech32 addresses start with?
P2SH introduced the ability to receive funds via a QR code or a simple copy and paste using a fixed-length 20 byte hash. This made the movement of money drastically simpler.
SegWit introduced witness data committed outside of the merkle tree. To check transaction validity, this change reduced the size needed to store transactions in a block. Reference.
Our prompts asked you to provide the prefix for each address type: P2SH is 3 and SegWit is bc1.
Challenge: Find the address used to siphon funds from CoinDash ICO using the short address attack
The challenge invites participants to conduct a bit of investigation on details of the CoinDash hack. According to the article found in the link below, the compromised wallet was 0x6a164122d5cf7c840D26e829b46dCc4ED6C0ae48. Looking at the last few transactions in the compromised wallet, we can see a couple of large Ether outflows:
Both of these large outflows are going to the attacker controlled account: 0x5AC2914179085a60F37A07338D851DbFAdF17F08
Challenge: The following transaction contains a number of outputs with hidden messages in them: 8881a937a437ff6ce83be3a89d77ea88ee12315f37f7ef0dd3742c30eef92dba. Find the output address containing the message that includes the famous world leader’s name, Nelson Mandela.
Bitcoin transactions can hold hidden messages. Let’s consider how we might find the hidden message for 8881a937a437ff6ce83be3a89d77ea88ee12315f37f7ef0dd3742c30eef92dba. Transactions include a mix of plaintext and Base58 encoded data. We can decode any of the Base58 data including the addresses listed on transaction. After enough digging, we find 15gHNr4TCKmhHDEG31L2XFNvpnEcnPSQvd and 1AtSGJU3cTZLSVd4EvgnhmmDkdGJLinvVS both decode to Nelson Mendela text. For our prompt we accept both addresses as answers.
15gHNr4TCKmhHDEG31L2XFNvpnEcnPSQvd results in:
1AtSGJU3cTZLSVd4EvgnhmmDkdGJLinvVS results in:
Challenge: On May 15, 2019 a blockchain reorg has occurred on the BCH network. What is the hash for the orphaned block #582698?
Reorgs are important events on the blockchain network because they cause deviation in the composition of recorded blocks and transactions in them.
For this challenge, we want you to learn about reorgs, specifically, understand how to decipher transaction data that communicates orphaned blocks. On May 2019, a BCH reorg took place. If we look at the block #582698 in any block explorer, we can observe that it was mined by a BTC.TOP mining pool and is also extended into the next block #582699:
We can find the orphaned block by reviewing a Coinbase Engineering blog post on the reorg event or searching for the block on various blockchain explorers to see if they are different from the one in the current chain. The orphaned block was mined by an “unknown” miner and does not have any blocks following it in the chain:
The hash for the transaction is 0x13821c4378e842401ac54371a8afa81777327266bf418af, and it’s also the solution to this challenge.
Challenge: What is the public key associated with the address used to send 10,000 BTC to buy pizza on May 22, 2010. Transaction hash: a1075db55d416d3ca199f55b6084e2115b9345e16c5cf302fc80e9d5fbf5d48d
The challenge references the famous 10000 BTC pizza purchase from the early days of Bitcoin. Given a transaction hash, let’s determine the public key of the hungry buyer by pulling the raw transaction from a blockchain explorer:
$ bx fetch-tx a1075db55d416d3ca199f55b6084e2115b9345e16c5cf302fc80e9d5fbf5d48d
script “[3046022100bc57dc26f46fecc1da03272cb2298d8a08b22d865541f5b3a3e862cc87da4b47022100ce1fc72771d164d608b15065832542a0e9040cfdf28862c5175c81fcb0e0b65501] [0434417dd8d89deaf0f6481c2c160d6de0921624ef7b956f38eef9ed4a64e36877be84b77cdee5a8d92b7d93694f89c3011bf1cbdf4fd7d8ca13b58a7bb4ab0804]”
script “dup hash160 [46af3fb481837fadbb421727f9959c2d32a36829] equalverify checksig”
The transaction contains a large number of inputs coming from the same source address. The key detail to notice above is the unlock script.
Dull moments in crypto are rare. This trivia highlights some of those notable events. At Coinbase, we have the opportunity to explore how notable blockchain activities impact our threat model.
We are looking for people interested in helping us continue to build the most trusted brand in the Crypto, join us!
This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
All images provided herein are by Coinbase.