Capture the Ether: the Game of Smart Contract Security

Capture the Ether is a game that tests your understanding of smart contract security by challenging you to hack a series of smart contracts.

Capture the Flag Games

In the context of computer security, a Capture the Flag (CTF) competition is a game about finding and exploiting software vulnerabilities.

Capture the Ether is an Ethereum-specific CTF game.

Learn By Doing

My first experience with Capture the Flag games was when I was working at Dropbox. Our security team ran an internal CTF, and I became quite obsessed with it.

I certainly learned new things about security by participating, but for me the most valuable part was putting into practice things I already knew in the abstract. By writing exploits myself, I gained a better understanding for how even a seemingly small vulnerability can be incredibly dangerous.

I built Capture the Ether to provide that same rewarding experience for smart contract developers. Each challenge is in the form of a smart contract, and players earn points by exploiting it. It’s a test of your knowledge of smart contract security but also your ability to turn that abstract knowledge into a concrete exploit.

Results So Far

I launched the game last week with a Reddit post. At the time of this writing, 80 people have completed at least one of the challenges, and only two people have completed all 18 challenges in the initial batch. You can see the current high scores on the leaderboard.

More to Come

I have a few more challenges almost ready to publish, and my plan is to regularly add new challenges as I think of them. If you have ideas for new challenges, let me know! You can reach me at [email protected].