During Defcon 2019, we ran our first Blockchain Security competition, Capture the Coin. With Capture the Coin we focused on promoting the blockchain security areas of cryptography, smart contracts, forensic analysis, malware, and more.
Coming in with the most solves, the Trivia Challenges were the most popular part of Capture the Coin. By design, these introductory challenges share historical snippets of notable events on the blockchain. Let's dive into the Trivia Challenges, their stories and their solutions.
Challenge: What BTC address received the coinbase reward in block 1337?
In this challenge we took the opportunity to bridge hacker history with Bitcoin analysis. 1337 references early internet hacker culture: in Leetspeak, "leet" translates to 1337. On the Bitcoin analysis side, this challenge introduces searching for transactions based on their attributes and position on the blockchain. Block 1337 is identified by its position in the chain, known as its height. Coinbase rewards are paid in the coinbase transaction, the first transaction in the block.
To find the address that received the coinbase reward, use a BTC block explorer (a web UI): search by block height and open the first transaction. Notice that its "from" field holds placeholder data instead of an address; this is what distinguishes the coinbase transaction from every other transaction.
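The "placeholder data" an explorer shows in the coinbase input is not a display quirk: it is how the transaction is actually serialized. The Python below, added here as an illustration and not code from the original post, parses a raw legacy transaction and applies the consensus definition of a coinbase (a single input whose previous outpoint is 32 zero bytes and index 0xffffffff). The sample input is the genesis block's coinbase transaction assembled field by field; the second transaction is a constructed spend for contrast. Any legacy-format raw transaction hex obtained from a node or explorer can be fed to the same parser.

```python
import hashlib
import struct

# Raw genesis-block coinbase transaction in the legacy (pre-SegWit) serialization,
# assembled field by field from its well-known encoding so the layout is visible.
# It is the sample input for this example; block 1337's coinbase has the same shape.
GENESIS_COINBASE_HEX = "".join([
    "01000000",          # version (int32, little-endian)
    "01",                # input count (varint)
    "00" * 32,           # prevout txid: 32 zero bytes   <- the "placeholder" an explorer shows
    "ffffffff",          # prevout index: 0xffffffff     <- second half of the placeholder
    "4d",                # scriptSig length (77 bytes)
    "04ffff001d0104455468652054696d65732030332f4a616e2f32303039204368616e63"
    "656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f"
    "722062616e6b73",    # scriptSig: arbitrary data chosen by the miner
    "ffffffff",          # sequence
    "01",                # output count
    "00f2052a01000000",  # value: 5000000000 satoshis (50 BTC), int64 little-endian
    "43",                # scriptPubKey length (67 bytes)
    "4104678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649"
    "f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5fac",
    "00000000",          # locktime
])

# A constructed ordinary spend (not a real transaction) for contrast: it references
# a non-null previous output, so it is not a coinbase.
SPEND_TX_HEX = "".join([
    "01000000", "01", "11" * 32, "00000000", "00", "ffffffff",
    "01", "e803000000000000", "00", "00000000",
])


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def read_varint(buf: bytes, pos: int):
    """Decode Bitcoin's CompactSize integer; returns (value, new_pos)."""
    n = buf[pos]
    if n < 0xfd:
        return n, pos + 1
    width, fmt = {0xfd: (2, "<H"), 0xfe: (4, "<I"), 0xff: (8, "<Q")}[n]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + width


def parse_tx(raw: bytes) -> dict:
    """Parse a legacy-serialized transaction into its inputs and outputs."""
    if raw[4] == 0x00:
        # A zero "input count" is really the SegWit marker byte; that format is
        # not handled by this parser.
        raise ValueError("SegWit-serialized transaction; fetch it without witness data")
    version = struct.unpack_from("<i", raw, 0)[0]
    pos = 4
    n_in, pos = read_varint(raw, pos)
    inputs = []
    for _ in range(n_in):
        prev_txid = raw[pos:pos + 32][::-1]      # stored little-endian; shown big-endian
        prev_index = struct.unpack_from("<I", raw, pos + 32)[0]
        pos += 36
        script_len, pos = read_varint(raw, pos)
        script_sig = raw[pos:pos + script_len]
        pos += script_len
        sequence = struct.unpack_from("<I", raw, pos)[0]
        pos += 4
        inputs.append({"prev_txid": prev_txid, "prev_index": prev_index,
                       "script_sig": script_sig, "sequence": sequence})
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        script_len, pos = read_varint(raw, pos)
        outputs.append({"value": value, "script_pubkey": raw[pos:pos + script_len]})
        pos += script_len
    locktime = struct.unpack_from("<I", raw, pos)[0]
    if pos + 4 != len(raw):
        raise ValueError("trailing bytes after transaction")
    return {"version": version, "inputs": inputs, "outputs": outputs,
            "locktime": locktime, "txid": sha256d(raw)[::-1].hex()}


def is_coinbase(tx: dict) -> bool:
    """Consensus rule: exactly one input whose prevout is the null outpoint."""
    if len(tx["inputs"]) != 1:
        return False
    vin = tx["inputs"][0]
    return vin["prev_txid"] == b"\x00" * 32 and vin["prev_index"] == 0xffffffff


def reward_outputs(tx: dict):
    """(value in satoshis, scriptPubKey hex) for each output; for a coinbase these are the reward."""
    return [(o["value"], o["script_pubkey"].hex()) for o in tx["outputs"]]


if __name__ == "__main__":
    for name, hex_tx in (("genesis coinbase", GENESIS_COINBASE_HEX), ("constructed spend", SPEND_TX_HEX)):
        tx = parse_tx(bytes.fromhex(hex_tx))
        print(f"{name}: txid={tx['txid']} coinbase={is_coinbase(tx)} outputs={reward_outputs(tx)}")
```

The null outpoint is what the explorer renders as placeholder "from" data; everything that identifies the reward recipient lives in the outputs' scriptPubKey, which is why the challenge answer comes from the output side of the first transaction rather than its input.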
Challenge: Input how many satoshis are in 1 Bitcoin
This challenge asks you to determine how many satoshis are in 1 BTC. One satoshi is 0.00000001 BTC, so the formula looks like this: answer * 0.00000001 = 1. The input we are looking for is 100000000. Complete formula: 100000000 * 0.00000001 = 1.
Challenge: What is the most expensive opcode (mnemonic) in Ethereum EVM?
The Ethereum Virtual Machine (EVM) executes instructions known as opcodes. Each opcode has a cost that determines the amount of gas charged, and gas exists to compensate miners for the CPU resources they spend running the EVM. The price per opcode lives in the Fee Schedule, Appendix G of the Ethereum Yellow Paper. The opcode CREATE lists a price of 32000 gas, making it the most expensive.
Challenge: This bug caused the June 2016 DAO collapse
June 2016 marked the month of the DAO collapse, leading to the fork of Ethereum. DAO stands for Decentralized Autonomous Organization; its smart contract was intended to serve as a venture capital fund on the Ethereum blockchain. With the DAO, you could receive funding for your project. A series of events led to the collapse of the DAO. The first event, the reentrancy vulnerability, led to a DAO security breach in which an attacker leveraged the vulnerability to take DAO funds.
Challenge: What is the contract address for Dai stablecoin (v1.0)?
Ethereum makes it possible to deploy smart contracts. The smart contracts are held on the blockchain as transactions. Dai stablecoin is a smart contract deployed on Ethereum. For this challenge, we want you to find the Dai stablecoin's contract address. A quick way to find a smart contract address is to search in a block explorer like Etherscan, which lists known tokens, including DAI:
Once you click on DAI Stablecoin you’ll notice the contract address listed in the UI.
That's it: Dai stablecoin's smart contract address is 0x89d24a6b4ccb1b6faa2625fe562bdd9a23260359.
Challenge: What is the owner address for the following Ethereum contract: 0x0882477e7895bdC5cea7cB1552ed914aB157Fe56 ?
The concept of a privileged role is a notable feature of many Ethereum smart contracts. These roles, depending on how they are defined, can perform highly privileged actions such as moving money or creating money, to name a few. Privileged roles can be represented by an address or by another smart contract. For this challenge, we wanted you to find the Contract Owner of the USDC smart contract address given in the challenge. Finding that address on Etherscan shows the contract code, including its privileged roles. As illustrated in the Etherscan contract page below, we see the Contract Owner address listed.
Challenge: What number do P2SH addresses start with?
Challenge: What prefix do SegWit Bech32 addresses start with?
P2SH introduced the ability to receive funds to a script identified by a fixed-length 20-byte hash, which can be shared as a QR code or by a simple copy and paste. This made the movement of money drastically simpler.
Our prompts asked you to provide the prefix for each address type: P2SH is 3 and SegWit is bc1.
Challenge: Find the address used to siphon funds from CoinDash ICO using the short address attack
The challenge invites participants to conduct a bit of investigation into the details of the CoinDash hack. The linked article identifies the compromised wallet. Looking at the last few transactions in the compromised wallet, we can see a couple of large Ether outflows:
Challenge: On May 15, 2019 a blockchain reorg has occurred on the BCH network. What is the hash for the orphaned block #582698?
Reorgs are important events on a blockchain network because they change which blocks, and therefore which transactions, are part of the recorded chain.
For this challenge, we want you to learn about reorgs and, specifically, understand how to read the chain data that reveals an orphaned block. In May 2019, a BCH reorg took place. If we look at block #582698 in any block explorer, we can observe that it was mined by the BTC.TOP mining pool and is extended by the next block, #582699:
We can find the orphaned block by searching for the same height on various blockchain explorers and checking whether the block they show differs from the one in the current chain. The orphaned block was mined by an "unknown" miner and does not have any blocks following it in the chain:
The hash of the orphaned block is 0x13821c4378e842401ac54371a8afa81777327266bf418af, and it is the solution to this challenge.
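The tell-tale sign used above (the orphan has a parent but no child, while the main-chain block at the same height is extended) can be checked mechanically once you have a set of block headers. The Python below is an added illustration, not code from the original post: it indexes constructed block records for a split at height 582698, walks parent pointers back from the best tip to label each block as main-chain or orphaned, and computes how deep a reorg a node that had followed the orphan would experience. The block hashes are placeholders ("blk_..."), not the real BCH hashes; only the heights and miner labels follow the write-up.

```python
# Constructed block records for a chain split at height 582698: two blocks share
# the same parent, but only one of them gets a successor. Hashes are placeholders,
# not the real BCH block hashes.
BLOCKS = [
    {"hash": "blk_582697", "prev": "blk_582696", "height": 582697, "miner": "pool-x"},
    {"hash": "blk_582698_main", "prev": "blk_582697", "height": 582698, "miner": "BTC.TOP"},
    {"hash": "blk_582698_orphan", "prev": "blk_582697", "height": 582698, "miner": "unknown"},
    {"hash": "blk_582699", "prev": "blk_582698_main", "height": 582699, "miner": "pool-y"},
]


def index_blocks(blocks):
    """Map hash -> block and parent hash -> list of child hashes."""
    by_hash = {b["hash"]: b for b in blocks}
    children = {}
    for b in blocks:
        children.setdefault(b["prev"], []).append(b["hash"])
    return by_hash, children


def chain_from(by_hash, tip):
    """Walk parent pointers from a tip back to the oldest block we know about."""
    chain, h = [], tip
    while h in by_hash:
        chain.append(h)
        h = by_hash[h]["prev"]
    return chain


def best_tip(blocks):
    # Simplified selection: the highest block wins. Real nodes compare accumulated
    # proof-of-work; with one difficulty per block the two rules agree.
    return max(blocks, key=lambda b: b["height"])["hash"]


def classify(blocks):
    """Label every block 'main' (reachable from the best tip) or 'orphaned'."""
    by_hash, children = index_blocks(blocks)
    active = set(chain_from(by_hash, best_tip(blocks)))
    return {
        b["hash"]: {
            "status": "main" if b["hash"] in active else "orphaned",
            "miner": b["miner"],
            "children": children.get(b["hash"], []),
        }
        for b in blocks
    }


def orphaned_at(blocks, height):
    """Hashes of blocks at `height` that are not on the active chain."""
    labels = classify(blocks)
    return sorted(b["hash"] for b in blocks
                  if b["height"] == height and labels[b["hash"]]["status"] == "orphaned")


def reorg_depth(blocks, old_tip, new_tip):
    """Blocks a node following old_tip must abandon to switch to new_tip."""
    by_hash, _ = index_blocks(blocks)
    new_chain = set(chain_from(by_hash, new_tip))
    depth, h = 0, old_tip
    while h in by_hash and h not in new_chain:
        depth += 1
        h = by_hash[h]["prev"]
    return depth


if __name__ == "__main__":
    for h, info in classify(BLOCKS).items():
        print(f"{h:20} {info['status']:8} miner={info['miner']:8} children={info['children']}")
    print("orphaned at 582698:", orphaned_at(BLOCKS, 582698))
    print("reorg depth for a node that was on the orphan:",
          reorg_depth(BLOCKS, "blk_582698_orphan", "blk_582699"))
```

The reorg depth is the number a service should care about: any transaction that was only confirmed in the abandoned blocks is no longer confirmed after the switch, which is why deposits are typically credited only after several confirmations.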
Challenge: What is the public key associated with the address used to send 10,000 BTC to buy pizza on May 22, 2010. Transaction hash: a1075db55d416d3ca199f55b6084e2115b9345e16c5cf302fc80e9d5fbf5d48d
The challenge references the famous 10,000 BTC pizza purchase from the early days of Bitcoin. Given the transaction hash, let's determine the public key of the hungry buyer by pulling the raw transaction with a blockchain explorer tool:
$ bx fetch-tx a1075db55d416d3ca199f55b6084e2115b9345e16c5cf302fc80e9d5fbf5d48d
script “[3046022100bc57dc26f46fecc1da03272cb2298d8a08b22d865541f5b3a3e862cc87da4b47022100ce1fc72771d164d608b15065832542a0e9040cfdf28862c5175c81fcb0e0b65501] [0434417dd8d89deaf0f6481c2c160d6de0921624ef7b956f38eef9ed4a64e36877be84b77cdee5a8d92b7d93694f89c3011bf1cbdf4fd7d8ca13b58a7bb4ab0804]”
script “dup hash160 [46af3fb481837fadbb421727f9959c2d32a36829] equalverify checksig”
The transaction contains a large number of inputs coming from the same source address. The key detail to notice above is the unlock script (scriptSig): its second element is the public key of the spending address, which is the answer.
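The Python below is an added example, not code from the original post, serving both the address-prefix challenges above and this one. It splits the unlock script printed by bx into its two pushes (signature and public key), sanity-checks them, hashes the key with hash160, and encodes that 20-byte hash in the three address formats discussed on this page: Base58Check with version byte 0x00 (P2PKH, "1..."), Base58Check with version byte 0x05 (P2SH, "3..."), and Bech32 with human-readable part "bc" plus the separator "1" (SegWit, "bc1..."). The signature and key hex come from the bx output above; the BIP173 witness program is a published test vector; the exact sender address is not asserted because it is not stated on this page. `hash160` relies on OpenSSL's RIPEMD-160 via hashlib.

```python
import hashlib

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

# The two pushes of the unlock script printed by bx above: a DER signature with its
# trailing SIGHASH byte, then the spender's uncompressed public key.
PIZZA_SIG_HEX = ("3046022100bc57dc26f46fecc1da03272cb2298d8a08b22d865541f5b3a3e862cc87da4b47"
                 "022100ce1fc72771d164d608b15065832542a0e9040cfdf28862c5175c81fcb0e0b65501")
PIZZA_PUBKEY_HEX = ("0434417dd8d89deaf0f6481c2c160d6de0921624ef7b956f38eef9ed4a64e36877"
                    "be84b77cdee5a8d92b7d93694f89c3011bf1cbdf4fd7d8ca13b58a7bb4ab0804")
# hash160 carried by the transaction's lock script (the recipient side).
PIZZA_OUTPUT_HASH160_HEX = "46af3fb481837fadbb421727f9959c2d32a36829"
# BIP173's example witness program, used here as a known vector for all three encodings.
BIP173_HASH160_HEX = "751e76e8199196d454941c45d1b3a323f1433bd6"


def serialize_pushes(items):
    """Encode byte strings as direct pushes (OP_PUSHBYTES_1..75), as in a P2PKH scriptSig."""
    out = b""
    for item in items:
        if not 1 <= len(item) <= 75:
            raise ValueError("only 1..75-byte direct pushes are produced here")
        out += bytes([len(item)]) + item
    return out


def parse_pushes(script):
    """Return the data pushes of a script (direct pushes and OP_PUSHDATA1 only)."""
    pushes, pos = [], 0
    while pos < len(script):
        op = script[pos]; pos += 1
        if 1 <= op <= 75:
            n = op
        elif op == 0x4c:                      # OP_PUSHDATA1: one-byte length follows
            n = script[pos]; pos += 1
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} at offset {pos - 1}")
        if pos + n > len(script):
            raise ValueError("push runs past end of script")
        pushes.append(script[pos:pos + n]); pos += n
    return pushes


def describe_signature(sig):
    """Minimal DER sanity check; the final byte is the SIGHASH type (0x01 = SIGHASH_ALL)."""
    if sig[0] != 0x30 or sig[1] != len(sig) - 3:
        raise ValueError("not a DER SEQUENCE followed by one sighash byte")
    return {"der_len": sig[1], "sighash": sig[-1]}


def pubkey_kind(pk):
    if len(pk) == 65 and pk[0] == 0x04:
        return "uncompressed"
    if len(pk) == 33 and pk[0] in (0x02, 0x03):
        return "compressed"
    raise ValueError("unrecognised public key encoding")


def hash160(data):
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def base58check(version, payload):
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]   # 4-byte checksum
    n, s = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58); s = BASE58[r] + s
    leading_zero_bytes = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zero_bytes + s          # each leading 0x00 byte becomes a '1'


def p2pkh_address(pubkey_hash): return base58check(0x00, pubkey_hash)   # version 0  -> '1...'
def p2sh_address(script_hash):  return base58check(0x05, script_hash)   # version 5  -> '3...'


def _bech32_polymod(values):
    gen = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _to_5bit(data):
    acc, bits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte; bits += 8
        while bits >= 5:
            bits -= 5; out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def p2wpkh_address(pubkey_hash, hrp="bc"):
    """Bech32 (BIP173) encoding of a version-0 witness program: hrp + '1' + data + checksum."""
    data = [0] + _to_5bit(pubkey_hash)          # leading 0 = witness version
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    polymod = _bech32_polymod(hrp_exp + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32[d] for d in data + checksum)


if __name__ == "__main__":
    sig, pubkey = parse_pushes(serialize_pushes([bytes.fromhex(PIZZA_SIG_HEX),
                                                 bytes.fromhex(PIZZA_PUBKEY_HEX)]))
    print("signature:", describe_signature(sig))
    print("public key:", pubkey_kind(pubkey), pubkey.hex())
    print("sender (P2PKH of that key):", p2pkh_address(hash160(pubkey)))
    print("recipient (from lock script):", p2pkh_address(bytes.fromhex(PIZZA_OUTPUT_HASH160_HEX)))
    h = bytes.fromhex(BIP173_HASH160_HEX)       # one 20-byte hash, three prefixes
    print("same hash as P2PKH / P2SH / P2WPKH:", p2pkh_address(h), p2sh_address(h), p2wpkh_address(h))
```

The prefixes are consequences of the encoding, not conventions layered on top: any 25-byte Base58Check payload starting with 0x00 encodes to a string beginning with "1" and one starting with 0x05 to a string beginning with "3", while Bech32 puts the human-readable part "bc" in front of the separator "1" and the witness version (0, encoded as "q") immediately after it.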
Dull moments in crypto are rare. This trivia highlights some of those notable events. At Coinbase, we have the opportunity to explore how notable blockchain activities impact our threat model.
This website contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.
All images provided herein are by Coinbase.
Nov 29, 2023
Nov 28, 2023