Theme
Based on this year’s theme, the participants are tasked with the challenge to develop smart contracts that leverage transient storage (EIP-1153), i.e. the TSTORE
and TLOAD
opcodes.
Transient storage is as cheap as warm storage access with both reads and writes priced at 100 gas. It is well-suited for use-cases such as cheap re-entrancy locks.
The aim of USC 2024 is to showcase a transient storage use-case in a way that looks legitimate but contains a hidden vulnerability or manipulation mechanism in the implementation that is exposed because of transient storage.
Things to keep in mind:
- The compiler does not yet allow using transient as a data location in high-level Solidity code. For the time being, data stored in this location can only be accessed using the
TSTORE
andTLOAD
opcodes in inline assembly. - Simplicity is key! The shorter the submission is, the better. For instance, leave out ERC20 functions that do not add value to the objective of the contest.
- Bonus points if the submission includes a unique and interesting real-world scenario in the readme file.
- Extra points for a clear and concise explanation of the vulnerability built into your submission.
- We love being surprised! Explain the vulnerability in a separate file named
rugpull.txt
orspoiler.txt
, so the judges can evaluate the submission without knowing where the malicious code is hidden.