(0) I Need Fuel.
Isa
I decided to join the newly introduced 'Attackathon' on the Immunefi platform; it's a first for them, and for me. Not only is there a big prize pool to be won, but it's also introducing a new programming language, Sway, which I'm sure will be challenging and fun to learn... Here's hoping.
What's an Attackathon?
Attackathons are education-based bughunting contests where whitehat hackers compete over a reward pool by submitting impactful bugs in the project's code.
Before the Attackathon
Immunefi works with the project to host a security-focused education period, providing top tier education and support to security researchers.During the Attackathon
Whitehats experience ideal bughunting conditions, with direct project support, responsiveness, and duplicate rewards.After the Attackathon
Immunefi spotlights the security accomplishments, with a custom leaderboard, Attackathon findings report, bug fix reviews, and NFT awards.Ultimately, Attackathons serve to secure projects, develop their security ecosystem, and create new opportunities for whitehats.
source: Fuel Attackathon | Immunefi
Before going deep into Fuel, I thought I'd have a look and feel for the Sway programming language. Using the documentation, I'll get setup and follow the Developer Quickstart Quide for one of the development tutorials.
Smart Contract Quickstart: Fuel Injection Installation
NB: I'm using VS Code as my editor, and I will continue my journey with Radicle and use that as my repo instead of Github. Also, I installed the Sway extension as recommended by Fuel.
We firstly create a working directory and initialise a git repo.
mkdir counter-tutorial
git init
Then we install fuel following the instructions
curl https://install.fuel.network | sh
Straightforward and didn't run into any issues. I then did the update steps just in case.
fuelup update
updating the 'latest-x86_64-unknown-linux-gnu' toolchain
[00:00:00] [########################################] 4.84 KiB/4.84 KiB (0s) - Download complete Downloading: forc forc-explore forc-wallet fuel-core fuel-core-keygen
latest updated
updated components:
- forc 0.60.0
- forc-explore 0.28.1
- forc-wallet 0.7.1
- fuel-core 0.26.0
- fuel-core-keygen 0.26.0
The counter contract
So the following command will generate our Sway contract, I guess this is similar to any tutorials that provide pre-built examples to use.
forc template --template-name counter counter-contract
After this I can initialise my Radicle repo too.
rad node start
rad init
Output:
rad init
Initializing radicle ๐พ repository in /home/pxng0lin/web3/immunefi/fuel/fuel-tutorials..
โ Name Fuel tutorials
โ Description Fuel tutorials for development with Sway
โ Default branch main
โ Visibility public
โ Passphrase: [REDACTED*]
โ Unsealing key...
โ Repository fuel-tutorials created.
...
counter-contract
โโโ Forc.toml
โโโ src
โโโ main.sw
1 directory, 2 files
Building (compiling) the contract.
Following the instructions we can now build the contract
forc build
Creating a new `Forc.lock` file. (Cause: lock file did not match manifest)
Removing core
Removing counter
Removing std git+https://github.com/fuellabs/sway?tag=v0.31.1#c32b0759d25c0b515cbf535f9fb9b8e6fda38ff2
Adding core
Adding std git+https://github.com/fuellabs/sway?tag=v0.60.0#2f0392ee35a1e4dd80bd8034962d5b4083dfb8b6
Created new lock file at /home/pxng0lin/web3/immunefi/fuel/fuel-tutorials/counter-contract/Forc.lock
Finished debug [unoptimized + fuel] target(s) in 3.56s
Next we will setup a local wallet, this comes along side Fuel so we shouldn't have any issues here either.
forc wallet new
Since this is a tutorial I won't make the password complex, I'm more than likely to forget if I do.
Wallet mnemonic phrase: [REDACTED]
We will create a new wallet account to get our fuel address using the command forc wallet account new.
Please enter your wallet password to derive account 1:
Wallet address: [REDACTED]
Deploying our contract
We will now deploy to the testnet by running the command forc deploy --testnet. Once we've provided the password for our wallet we should receive confirmation of deployment.
Error!
What's this? So we are unable to deploy since we have 0 funds in our wallet. So in the tutorial we can get some funds from the faucet
After fuelling up we will try that again.
forc deploy --testnet
Finished release [optimized + fuel] target(s) in 3.28s
Please provide the password of your encrypted wallet vault at "[REDACTED]":
---------------------------------------------------------------------------
Account 1: [REDACTED]
Asset ID : f8f8b6283d7fa5b672b530cbb84fcccb4ff8dc40f8176ef4544ddb1f1952ad07
Amount : 2000049
---------------------------------------------------------------------------
Please provide the index of account to use for signing: 1
Do you agree to sign this transaction with [REDACTED]? [y/N]: y
Contract counter-contract Deployed!
Network: https://testnet.fuel.network
Contract ID: 0x71a2a7efd28e8b80388105cb3bb52ca5e100b21cb034ee6e44a5ffb135f7f361
Deployed in block 0018e86c
Success!
This finished the tutorial! So I'll also wrap it up here. The next step they have are further tutorials.
I'll have a read through the Sway documentation to get a better feel of what I'm looking at in the contract, and potentially move on to Sway Program Types and build a Predicate following the tutorial; until the next article, thanks for reading.
Subscribe to my newsletter
Read articles from Isa directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Isa
Isa
Former analyst with expertise in data, forecasting, and resource modeling, transitioned to cybersecurity over the past 4 years (as of May 2024). Passionate about security and problem-solving, utilising skills in data and analysis, for cybersecurity challenges. Experience: Extensive background in data analytics, forecasting, and predictive modelling. Experience with platforms like Bugcrowd, Intigriti, and HackerOne. Transitioned to Web3 cybersecurity with Immunefi, exploring smart contract vulnerabilities. Spoken languages: English (Native, British), Arabic (Fus-ha)