noormohammedb/hacker-challenge-sgx-general

DeTEE Hacker Challenge for everybody who wants to break the DeTEE technology

Go to file

Valentyn Faychuk dec033fb67 Discord invite widget		2025-02-03 16:55:04 +02:00
.cargo	remove unused dependencies	2024-12-06 04:19:32 +02:00
docker	switch to detee occlum	2025-01-22 05:23:11 +02:00
mint_sol	info forwarding optimisation	2024-12-22 23:28:21 +02:00
proto	write metrics to the /host/logs	2024-12-02 03:42:38 +02:00
scripts	switch to detee occlum	2025-01-22 05:23:11 +02:00
src	update sgx library to get patch for vulnerabilities	2025-01-21 22:17:57 +02:00
.gitignore	remove unused dependencies	2024-12-06 04:19:32 +02:00
build.rs	rewrite (#2 )	2024-11-08 14:33:42 +00:00
Cargo.lock	switch to detee occlum	2025-01-22 05:23:11 +02:00
Cargo.toml	update sgx library to get patch for vulnerabilities	2025-01-21 22:17:57 +02:00
LICENSE	gplv2 license and token creation retries	2025-01-10 00:55:31 +02:00
README.md	Discord invite widget	2025-02-03 16:55:04 +02:00
rustfmt.toml	rewrite (#2 )	2024-11-08 14:33:42 +00:00

README.md

Welcome to the HACKER CHALLENGE

Warning

Hacker challenge is licensed under GPLv2.
To participate in the Hacker Challenge, you must agree with following:

I acknowledge that I will not be able to recover any cryptocurrencies that I send to the Hacker Challenge wallet, and I am relinquishing ownership rights to any cryptocurrencies sent to the Hacker Challenge wallet.

I acknowledge that the tokens minted by the Hacker Challenge have no inherent value, and that these tokens have the sole purpose of testing the security of the challenge.

I have read the EULA and I accept all terms.

Join our Discord if you have questions:

Building and packaging the challenge

The host can be without SGX support. To build and package the challenge you will need the docker environment. Do the following steps to build the challenge:

# Notice that there is no SGX device mounted, run inside rewrite directory
docker run --rm --name packager -it -v .:/root/rewrite detee/occlum:0.30.1-ubuntu20.04
# If you are running the packager on Mac, don't forget to set the VMM to QEMU (Legacy),
# and run the following command once you are inside the container
ln -s /usr/local/occlum/bin/x86_64-linux-musl-ar /usr/local/occlum/bin/musl-ar
# Inside the docker container run package.sh and follow its instructions
cd /root/rewrite && ./scripts/package.sh --prep
exit # Feel free to exit the container

Testing the challenge

To test the challenge you will need the SGX support.

# this will boot few containers containing servers that will replicate the private key generated by one of the nodes
./scripts/testnet.sh
# to interact with the servers list the ports
docker container list
# pick some node and
curl localhost:your-port
# node will respond with a homepage with more information

The node homepage source is also here.

Production build

./scripts/build-container.sh

Contributing to the challenge

Don't forget to run cargo clippy and cargo fmt before submitting a PR.

Known issues

If you create a new node as a root and it will create the private key and save it to the disk, it will remain sealed and when the node will restart and try to join the rest of the network, it will still use the private key from the disk for minting and sharing.
If you run the hacker challenge on the Out Of Life processors you may have a privilege to run certain attacks, for instance check (this article)[https://x.com/PratyushRT/status/1828183761055330373].
The challenge is compiled using the HW mode, not HYPER so it may not work on some cloud providers, like Azure Intel SGX VMs (needs more testing).
The performance and stability of the challenge is not at its theoretical peak as the challenge was done mostly as a poc and was not meant to be infinitely scalable or very performant.
The challenge is not mutable once deployed, which means that it will remain secure for as long as the community will not find a new vulnerability in SGX.