Repository: WintermuteResearch/Alpha-Challenge
Branch: main
Commit: ae7e17f6019e
Files: 11
Total size: 12.4 KB

Directory structure:
gitextract_e9kn3789/

├── 01-vault/
│   └── README.md
├── 02-daos/
│   └── README.md
├── 03-stale-oracle/
│   └── README.md
├── 04-pump-it/
│   └── README.md
├── 05-whitehat/
│   └── README.md
├── 06-stale-amm/
│   └── README.md
├── 07-jared-from-subway/
│   └── README.md
├── 08-liquidations/
│   └── README.md
├── 09-long-tail-enjoyor/
│   └── README.md
├── 10-solana-stake/
│   └── README.md
└── README.md

================================================
FILE CONTENTS
================================================

================================================
FILE: 01-vault/README.md
================================================
# Vault - Tier 1
You are looking through an old version of the OpenZeppelin implementation of ERC-4626 and notice a vulnerability that requires frontrunning an innocent user. You have been granted a large amount of ETH (say, 1k ETH, but you are free to choose the amount :) ) and want to set up a whitehat bot to execute this exploit and return the funds to the user.


- a) Describe the vulnerability and the payoffs for an attacker.
- b) Produce code that can check if this vulnerability has occurred in the past and determine how much value was lost, if any.
- c) Write code for the bot that can carry out the exploit (don’t worry about returning user funds).


================================================
FILE: 02-daos/README.md
================================================
# DAOs - Tier 1
You’re a DeFi enthusiast who spends a lot of time participating in and analyzing DAOs, their governance contracts, and their overall level of participation. Over the past couple of years, the market has slowed down and you’ve begun to notice that some DAOs are not the same as they used to be.


- a) Identify a set of DAOs that are most vulnerable to an economic governance attack, describe how it may be achieved, and estimate the cost to the attacker.
- b) For vulnerable DAOs, estimate and describe the potential benefit for the attacker i.e., how much of the DAO’s treasury is at risk of being stolen? (it can also be a parameter change)


================================================
FILE: 03-stale-oracle/README.md
================================================
# Stale-Oracle - Tier 1
While digging around, you learn about the manual process involved in updating oracle prices for [Compound v1](https://etherscan.io/address/0x3fda67f7583380e67ef93072294a7fac882fd7e7). According to the official blog post, the protocol was deprecated on June 3, 2019. However, according to the contract, it was never paused, and there are no functions for freezing markets. Given this, perhaps it’s possible to use stale prices and borrow all assets cheaply?


- a) Are the prices stale according to the view of Compound v1?
- b) Were markets paused in some way? Provide all necessary data to simulate the borrowing of any asset on June 5, 2019 to prove your point.


================================================
FILE: 04-pump-it/README.md
================================================
# Pump-It - Tier 2
You notice the growing attention around pump.fun and can't help but take a deeper look. You are interested in their revenue sources and observe that they take fees for a few distinct actions.


- a) How much revenue did Pump generate and can you decompose this for each action? E.g. [pump.fun](http://Pump.Fun) takes fees for each trade on the bonding curve, so one revenue component would be the sum of all “trades via the bonding curve” (the distinct action).
- b) What percentage of tokens were successfully deployed to Raydium? Find the tokens that:
    - Took the most time to deploy to Raydium.
    - Took the least amount of time to deploy to Raydium.
- c) Using the information gained from the above sub-questions about fee generation, were there any cases where the pump team had a clear incentive to buy any given token created through their platform? If yes, provide an example. If no, explain the conditions under which this incentive would exist.


================================================
FILE: 05-whitehat/README.md
================================================
# Whitehat - Tier 2
You stumbled across an old [bug bounty report](https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d) from the end of 2021 related to the Polygon codebase. Understanding that other blockchains are using this code, you decide to double-check that the largest ones are not susceptible to vulnerabilities disclosed in this report.


- a) Find at least two Polygon forks that could potentially be vulnerable.
- b) Provide the code to check if these blockchains are safe.
- c) Estimate the potential maximum loss if this attack is possible on both blockchains.


================================================
FILE: 06-stale-amm/README.md
================================================
# Stale-AMM - Tier 2
It’s May 2021, and while searching for new trading pools, you discovered that someone made [2.8x](https://etherscan.io/tx/0x3f1b5baef6ea7f622834eabe7634bf89e3f473b62a73e357fdd04a1a5cf32ecf) by selling TUSD through one of the old Uniswap v1 pools. Let’s figure out how it happened.


- a) What is the reason for the stale price in this pool?
- b) Provide all necessary simulation data to arbitrage the pool on January 23, 2022.
- c) Could you execute the arbitrage on March 14, 2022? If not, explain why.


================================================
FILE: 07-jared-from-subway/README.md
================================================
# Jared-from-Subway - Tier 2
You are click trading a newly launched memecoin and notice you are being sandwiched by [Jared](https://etherscan.io/address/0x6b75d8af000000e20b7a7ddf000ba900b4009a80). You see that Jared made a bunch of money doing this, and you're interested in checking their profitability:


- a) Produce the code to calculate Jared’s revenue.
- b) Produce the code to calculate Jared’s costs and use this to:
    - Compute their profit.
    - Identify the opportunity that yielded the highest single profit.
- c) How can you avoid being sandwiched in the future? Provide some reasons that might explain why Jared is out-competing other sandwich enjoyers.


================================================
FILE: 08-liquidations/README.md
================================================
# Liquidations - Tier 3
It’s DeFi Summer, and you run one of the most successful liquidators on Compound v2. On August 20, 2020, you realize that you are losing market share to [this address](https://etherscan.io/tx/0xec4f2ab36afa4fac4ba79b1ca67165c61c62c3bb6a18271c18f42a6bdfdb533d). This is odd because you updated the trading setup after [this proposal](https://compound.finance/governance/proposals/19), and have consistently won almost all liquidations since then.


- a) What’s the edge of this liquidator that allows them to win more liquidations?
- b) When you figure out the source of the edge, you notice that their calldata is extremely obfuscated. Can you explain how the calldata works?
- c) Write code for the bot in Solidity, and provide all necessary information to simulate this liquidation on a mainnet fork.


================================================
FILE: 09-long-tail-enjoyor/README.md
================================================
# Long-Tail-Enjoyor - Tier 3
You’re an active member of the Synthetix community and noticed that the implementation of one of [their latest SIPs](https://sips.synthetix.io/sips/sip-112/) will be deployed today (May 13, 2021).


- a) How, in theory, can you make money based on the SIP specification?
- b) Provide the simulation data when you execute the opportunity using the full maxETH amount.


================================================
FILE: 10-solana-stake/README.md
================================================
# Solana-Stake - Tier 3
The Solana Foundation [recently announced](https://www.theblock.co/post/299244/solana-foundation-removes-certain-operators-from-delegation-program-over-malicious-sandwich-attacks) their plan to remove stake from their delegation program if participating validators produce blocks including sandwich attacks.

Here is a [useful thread](https://x.com/0xMert_/status/1799955514786234751) for extra context. You can also view the announcement on the foundation’s Discord.


- a) You are aware of Jito's modified Solana client to improve the efficiency of MEV extraction. Describe how unaligned validators can run their own private mempool to facilitate sandwich attacks.
- b) Identify the validators that had their stake removed, and determine the total amount removed.
- c) Write code that, given a Solana block, outputs whether a sandwich attack was included.


================================================
FILE: README.md
================================================
# Wintermute Alpha Challenge 2024

The Alpha Challenge is our experimental way to reach two goals:
- to provide a way for the crypto community to test their on-chain analysis skills
- to find the best talents for roles requiring a researcher mindset at Wintermute and portfolio/friendly companies

**GGWP, goals achieved, check out the publicly available solutions from one of the winners [here](https://github.com/evmcheb/wintermute-alpha) to be better prepared for [the 2025 edition](https://alpha.wintermute.com/).**

## Rules

### How to start
1. Complete [this form](https://docs.google.com/forms/d/e/1FAIpQLSepRplKQcGdeQOuvzqON8MW8QLs8M2_a7oLwWba1iiZKqWaSA/viewform) to give us a way to reach out to winners of this challenge
2. [Import this repository](https://github.com/new/import) as a private one
3. Add `frankresearcher` and `zakriaabdi` as [collaborators to this private repo](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository#inviting-a-collaborator-to-a-personal-repository)
4. Start solving
5. Request access to the Telegram group by using the badge at the beginning of the README

### How to solve
Each solution should be placed in its corresponding directory as a text file, including both the answers and their rationale. Additionally, include any code files that are part of the solution. It's probably better to be verbose than brief about how results were achieved, so that possible mistakes can be analyzed later and a more accurate score given.

For any questions asking for code where the programming language has not been specified, participants are free to use any programming language (including SQL) and any platform (e.g. sim or Dune). We recommend making use of the Foundry toolkit where possible.

### Scoring
As a general guideline, Tier 1, Tier 2, and Tier 3 questions are worth 5, 10, and 15 points respectively. The sub-questions are designed such that `c` > `b` > `a` in terms of difficulty and score. Achieving 60 points in total can be considered successful participation, and we will reach out to the best.

### Deadline
We will review the state of the `main` branch of private repos based on the last commit at 11:59 PM UTC on September 4, 2024. Any commits after the deadline date will be ignored.

### How to be qualified as a winner
To qualify as a winner, participants need to score at least 60 points based on their work in a private repo by the deadline and rank in the Top 25 by points. We will reach out to the Top 25 via email, so make sure the application form is filled out before the deadline.

Please avoid posting any solutions in the Telegram group or elsewhere until the challenge ends, as this could lead to disqualification from any awards; holding off ensures the integrity of the competition. It's also important not to push anything to a public repo until the deadline, as this could result in disqualification.

We ask all participants to double-check that all collaborators have been added before the deadline. In some cases, collaborators can lose access after the repo name is changed, and then they will not be able to review solutions. It is the participant's responsibility to ensure that review is possible.

### Support
We add all participants who filled out our form to a Telegram group, where we will post organizational updates, and participants can ask questions if any tasks are unclear. Participants can also leave requests to join the group using the Telegram badge at the start of this README; everyone who has already filled out the application form will be added shortly.

### Try sim for this challenge
sim Studio enables fast indexing and instrumentation of transactions.
It lets you hook on calls, logs, storage operations, and more while enabling you to run Solidity code in the context of the hooked event.
See a full JIT LPing example written in sim Studio [here](https://studio.sim.io/tal/canvases/06216600-4ba4-4b7f-be7d-6fce27d6482c).

Fill out [their form](https://go.smlxl.io/wintermutechallenge) to remove account restrictions for one month from the start of the challenge.

## Collaboration with Challenge Frens
We've collaborated with a few teams that have built products/platforms to help participants solve some of the challenges and/or have generously contributed prizes for winners. We're grateful for their support!

### [The Block](https://www.theblock.pro/)
A subscription to The Block Pro, giving you access to a suite of news, research, data, and funding tools.

### [dRPC](https://drpc.org/)
A gift card worth 30M RPC requests by dRPC, a new-gen multichain decentralized RPC platform for builders and foundations.

### [Zerion](https://zerion.io/)
A 1-year Zerion Individual subscription along with API credits for $500, giving you a gateway to manage and explore everything on-chain in a single, user-friendly wallet.

### [Moni](https://getmoni.io/)
A 3-month Alpha subscription from Moni, giving you full access to Moni Discover platform perks and community.

### [sim.io](https://sim.io/)
A 3-month sim subscription, providing access to a unified platform for blockchain data computation, storage, and querying.

### [Remedy](https://r.xyz/)
Access to Glider from Remedy, a Python-based query framework that can scan millions of smart contracts across the Ethereum ecosystem for patterns of any complexity in a matter of seconds.

### [Big Brain Collective](https://x.com/lawmaster/status/1775450614744420786)
An exclusive invite to the “Big Brain Collective” Telegram group, an existing Echo collective, where you can also engage with industry leaders and influential traders.
