web

casino

Punkty: 136
Rozwiązań: 83

Do you have any spare change laying around, how about investing in some premium stocks?

https://casino.ecsc26.hack.cert.pl/


main.py

# analysing this script is against the terms and conditions and is punishable up to 20 years in clanker jail
from random import seed, randint
from functools import reduce

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware
from fastapi.staticfiles import StaticFiles
from fastapi.responses import FileResponse


from pydantic import BaseModel, model_validator, Field
import logging


log = logging.getLogger(__name__)
logging.basicConfig(level=logging.INFO)

FLAG = "ecsc26{READACTED-READACTED-READACTED}"

AVAILABLE_FUNDS = 1_000_000
MONTHS_SIMULATED = 6

app = FastAPI()
app.mount("/assets", StaticFiles(directory="static/assets"), name="static")


def simulate_market(a: int, b: int, c: int) -> list[int] | None:
    funds = a + b + c
    seed_x =  1337 * a + b
    seed_y = 420 * b - c

    if seed_x == seed_y:
        return None

    seed(seed_x)
    highs = [randint(1, funds) for _ in range(MONTHS_SIMULATED)]

    seed(seed_y)
    lows = [randint(1, funds) for _ in range(MONTHS_SIMULATED)]

    incomes = [min(x, y) / max(x, y) for x, y in zip(highs, lows)]

    output = []
    for e in incomes:
        output.append(int(funds))
        funds *= e
    return output


class BetRequest(BaseModel):
    a: int = Field(ge=0)
    b: int = Field(ge=0)
    c: int = Field(ge=0)

    @model_validator(mode='after')
    def validate_sum(self):
        if sum([self.a, self.b, self.c]) > AVAILABLE_FUNDS:
            raise ValueError("You're trying to bet more than you can chew")
        return self


class BetResponse(BaseModel):
    stocks: list[int]
    message: str


@app.get("/")
async def root():
    return FileResponse("static/index.html")


@app.post("/bet")
async def place_bet(bet: BetRequest):
    funds = bet.a + bet.b + bet.c
    simulated = simulate_market(bet.a, bet.b, bet.c)

    if not simulated:
        return BetResponse(
            stocks=[],
            message="Market error: You were too lucky"
        )

    if simulated[-1] == AVAILABLE_FUNDS:
        message = f"Insider trading detected: {FLAG}"
    elif simulated[-1] == funds:
        message = "That was too easy, how about wagering a bit more?"
    else:
        message = "Something terrible has happened to the market. We were 100% certain that those stocks were rock-solid😱"

    return BetResponse(
        stocks=simulated,
        message=message
    )

Format flagi: ecsc26{litery_cyfry_i_znaki_specjalne}.
W razie wątpliwości lub pytań dotyczących konkursu zapraszamy na naszego Discorda: https://discord.gg/gAtRKa2rcn.

Aby wysłać flagę, musisz się zalogować.