2023 Business CTF: 2244 Elections
Challenge Information
| Attribute | Details |
|---|---|
| Event | 2023 Business CTF |
| Category | Blockchain |
| Challenge | 2244 Elections |
| Difficulty | Hard |
Summary
In this challenge, you must detect and exploit a backdoor in the e-voting smart contract system used by the United Nations of Zenium (UNZ) and Board of Arodor (BoA) to manipulate the election outcome. The goal is to make the Voting contract return UNZ as the winning party instead of the initially favored BoA. The source code is not publicly available, but blockchain transactions are immutable and transparent.
Analysis
The challenge provides two smart contracts:
- Setup.sol: The initialization contract that deploys the Voting contract and checks if the challenge is solved
- Voting.sol: The main voting contract that contains the backdoor vulnerability
The Setup contract has an isSolved() function that checks if TARGET.WinningParty() == bytes3("UNZ"), confirming the objective.
Solution
The exploit requires analyzing the Voting contract to identify the backdoor mechanism that allows changing the winning party. By sending a specially crafted transaction to the Voting contract, you can modify the election state to set the winning party to “UNZ”.
Key steps:
- Connect to the private blockchain using the provided RPC endpoint and private key
- Deploy the Setup contract with 1 ether
- Get the Voting contract address from the Setup contract’s TARGET variable
- Call the Voting contract with the appropriate function and parameters to trigger the backdoor
- Verify the challenge is solved by calling isSolved() on the Setup contract
Key Takeaways
- Smart contracts on public blockchains cannot have hidden logic - all code is visible
- Backdoors in blockchain systems can manipulate critical outcomes like elections
- Understanding cryptographic signatures and transaction mechanisms is essential for blockchain security
- Always verify contract state changes through multiple independent methods