SCTF 2026 Writeup: DeFi TWAP Oracle + Groth16 ZK Witness
Platform SCTF 2026 Difficulty Hard (DeFi + ZK specialty track) OS Jeopardy — Blockchain / DeFi, ZK, Misc Tags reading UniswapV2 fork + EIP-7540 async vault + custom TWAP oracle in Foundry/Anvil, spotting that _consult anchors on observations outside the window, evicting the deploy-time observation by spamming the 8-slot ring buffer, composing a four-puzzle Groth16 claim bundle (Franklin–Reiter cube-root, secp256k1 small-x brute, 40-bit truncated keccak collision, Fermat factoring), generating a Poseidon-Merkle witness with domain-separated tag-1..6 calls in circomlibjs and submitting via snarkjs Groth16 fullprove SCTF 2026 is a specialty Jeopardy-style CTF whose challenge set leans hard into Solidity auditing and zero-knowledge plumbing. The two challenges this writeup covers — Chronostasis and The Last Honest Witness — sit at opposite ends of the same auditor’s toolbox. Chronostasis is a clean DeFi composition bug: three contracts that are each individually reasonable, glued together in a way that lets an attacker draw the LP price on the back of a napkin. The Last Honest Witness is a four-in-one cryptographic decathlon where the actual ZK proof is the easy part — the work is in the four side-puzzles wrapped around it. ...