Superform CTF

Hack Superform, keep the money.

• Add your wallet address to your profile (Profile -> Edit Profile -> CTF Addresses).
• The contracts are live, you can (legally) hack it onchain.
• Use cantina code interface to submit a writeup about the exploit, with a link to etherscan / equivalent.
• There is no judging. No severity disputes. No PoC. Just hacking!

Planting The Flags

Starting December 28th, the Superform Protocol will be deployed on Avalanche, BNB Chain, and Polygon. Deposits will be made into 3 vaults on each chain for a total of 9 vaults. Deposits will be made into 3 vaults daily in tranches of $2.5k at 15:00 UTC until all deposits have been made.

The goal is to steal the ERC4626 shares held in Superform Protocol’s Superform contracts and tokens in transit from chain to chain. If stolen, the security researcher can keep the bounty in the vault. Users may do this via any protocol action — creating new Superforms, depositing/withdrawing from the protocol into vaults themselves via our contracts, etc.

Resources:

• Superform V1 Deployment
• Superform Addresses with Deposits

See the full announcement here