SekaiCTF 2026 - Blockchain Writeups (Part 2): PP Farming 2

Mon, 29 Jun 2026 19:16:35 +0300

Introduction

This post continues my SekaiCTF 2026 writeup series, this time focusing on the second blockchain challenge I solved during the competition: PP Farming 2.

Unlike the first challenge, which revolved around a classic reentrancy vulnerability, this challenge presented a more subtle issue. The challenge author attempted to eliminate the original vulnerability by introducing a reentrancy guard, but in doing so accidentally introduced an entirely different class of vulnerability involving Solidity’s delegatecall instruction.

SekaiCTF 2026 - Blockchain Writeups (Part 1): PP Farming

Mon, 29 Jun 2026 14:16:35 +0300

Introduction

After solving the cryptography challenge presented in the previous post, I decided to explore another category of SekaiCTF 2026. This time, I focused on blockchain challenges, which offered a completely different set of problems centered around smart contract security and decentralized application logic. Unlike traditional binary exploitation or cryptographic attacks, blockchain challenges often require identifying flaws in contract design, state management and interactions between multiple contracts.

The challenge discussed in this post is PP Farming, an Ethereum smart contract challenge that demonstrates one of the most well-known vulnerabilities in smart contract development: reentrancy. Although this class of vulnerability has been extensively studied since the infamous DAO exploit, it continues to appear in Capture The Flag competitions because it teaches an important security principle that every smart contract developer should understand.

Smart Contract Security on pnasis

SekaiCTF 2026 - Blockchain Writeups (Part 2): PP Farming 2

Introduction

SekaiCTF 2026 - Blockchain Writeups (Part 1): PP Farming

Introduction