New Aptos Move CTF Series: Lottery Manipulation

A new Capture The Flag (CTF) series has kicked off for those looking to explore security vulnerabilities and exploit techniques in the Aptos Move ecosystem. The first challenge, “Lottery Manipulation,” invites participants to find a vulnerability in a lottery contract and develop an exploit to guarantee a win.

In this challenge, the lottery contract features a play function that generates a random number between 0 and 99. If a player gets 42, they win 1000 tokens. The goal is to manipulate this mechanism and create an exploit module that ensures victory every time.

Participants can submit their solutions by raising a Pull Request (PR) on the project’s GitHub repository. This CTF series offers a great opportunity for developers to deepen their understanding of smart contract security within the Aptos Move ecosystem.

Check out the GitHub repo and join the challenge: move-security-exploration/1_lottery_manipulation.md on the main branch of the Tlazypanda/move-security-exploration repository on GitHub.
