➕ Add Impersonator gamedata

itdream-dev · Nov 3, 2024 · 69b653f · 69b653f
1 parent dc63e9c
commit 69b653f
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/client/src/gamedata/authors.json b/client/src/gamedata/authors.json
@@ -182,6 +182,17 @@
           "https://www.linkedin.com/in/afonso-dalvi-711635112/"
         ],
       "emails": ["[email protected]","[email protected]"]
+    },
+    "Gianfranco":{
+      "name": [
+        "Gianfranco"
+      ],
+      "websites":
+        [
+          "https://github.com/GianfrancoBazzani/"
+        ],
+        "donate" : "gianfrancobazzani.uni.eth",
+      "emails": ["[email protected]"]
     }
   }
 }
diff --git a/client/src/gamedata/en/descriptions/levels/impersonator.md b/client/src/gamedata/en/descriptions/levels/impersonator.md
@@ -0,0 +1 @@
+SlockDotIt’s new product, **ECLocker**, integrates IoT gate locks with Solidity smart contracts, utilizing Ethereum ECDSA for authorization. When a valid signature is sent to the lock, the system emits an `Open` event, unlocking doors for the authorized controller. SlockDotIt has hired you to assess the security of this product before its launch. Can you open a door controlled by another user?
diff --git a/client/src/gamedata/en/descriptions/levels/impersonator_complete.md b/client/src/gamedata/en/descriptions/levels/impersonator_complete.md
@@ -0,0 +1,5 @@
+Congratulations! You've successfully unlocked the secrets of the elliptic curve signatures!
+
+As described in [EIP-2](https://eips.ethereum.org/EIPS/eip-2), allowing values of `0 < s < secp256k1n` in our verification logic, as is currently the case, opens a signature malleability concern. One can take any signature, flip the `s` value from `s` to `secp256k1n - s`, change the `v` value (27 -> 28, 28 -> 27), and the resulting signature would still be valid for the same signer.
+
+It is important to use safe implementations unless you know exactly what you are doing. Check the [OpenZeppelin implementation](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/448efeea6640bbbc09373f03fbc9c88e280147ba/contracts/utils/cryptography/ECDSA.sol#L128-L154) to learn how to use ecrecover safely.
diff --git a/client/src/gamedata/gamedata.json b/client/src/gamedata/gamedata.json
@@ -496,6 +496,21 @@
       "deployId": "31",
       "instanceGas": 750000,
       "author": "Waiandt&Dalvi"
+    },
+    {
+      "name": "Impersonator",
+      "created": "2024-11-04",
+      "difficulty": "8",
+      "description": "impersonator.md",
+      "completedDescription": "impersonator_complete.md",
+      "levelContract": "ImpersonatorFactory.sol",
+      "instanceContract": "Impersonator.sol",
+      "revealCode": true,
+      "deployParams": [],
+      "deployFunds": 0,
+      "deployId": "32",
+      "instanceGas": 750000,
+      "author": "Gianfranco"
     }
   ]
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		SlockDotIt’s new product, ECLocker, integrates IoT gate locks with Solidity smart contracts, utilizing Ethereum ECDSA for authorization. When a valid signature is sent to the lock, the system emits an `Open` event, unlocking doors for the authorized controller. SlockDotIt has hired you to assess the security of this product before its launch. Can you open a door controlled by another user?