Capture The Flag (CTF)
Capture the Flag (CTF) in cyber security is an exercise in which "flags" are secretly hidden in purposefully vulnerable programs or websites. CTFs are often organised as live competitions where participants steal flags either from other competitors (attack/defense-style CTFs) or from the organizers (jeopardy-style challenges). Several variations exist, including hiding flags in vulnerable blockchain contracts for others to exploit and/or abuse: thus enter blockchain (security) CTFs! These challenges are based on the traditional outdoor sport of the same name. (~ loosely copied from Wikipedia and extended by myself)
Ethereum
Here's a list of some well-known Ethereum CTF challenges. I might eventually do a more detailed write-up of some of these to brush up my writing and coding skills (😅):
- Ethernaut
- Capture The Ether
- Damn Vulnerable DeFi
- Paradigm CTF
- Mr Steal Yo Crypto
- Curta (a CTF protocol, where players create and solve EVM puzzles to earn NFTs)
- ....
If you get stuck, you can find walkthroughs in BlockThreat's GitHub repository: https://github.com/blockthreat/blocksec-ctfs. Or search elsewhere online using your favourite search engine. Not only will you find write-ups there; @blockthreat also lists plenty of other blockchain security wargames, challenges, and Capture the Flag (CTF) competitions!
There exist other, lesser-known "pop-up" CTF challenges, e.g. see samczsun's post on Twitter with the corresponding pinball machine contract 🕹 (welp, it already dates back to 2021, how time flies...):
https://rinkeby.etherscan.io/address/0xffb9205c84d0b209c215212a3cdfc50bf1cfb0e0#code
Other security challenges
Most of these are not capture the flag challenges pur sang, but security learning platforms that often gamify content. They enable you to learn step by step, and at each step you capture one (or more) flags. Most of it is available for free and is super helpful for gaining knowledge and/or expertise at your own pace.