This codelab will walk you through how to set up an Ethereum wallet via your browser with Metamask as well as an account on the Security Innovation CTF. Throughout this sequence of codelabs, you may find you'd like more information about what is going on. For this, I would recommend visiting https://github.com/ethereumbook/ethereumbook/blob/develop/02intro.asciidoc or viewing the associated screencast lectures available from class.

What you'll learn

What you'll need

  1. Go to https://metamask.io/
  2. Add Metamask plugin (Brave) or extension (Chrome or Firefox)

Follow instructions to create a wallet for use for the course (Do NOT use one that you use for actual Ethereum transactions)

  1. Open up the plug-in from the upper right corner of your browser
  2. Click on "Create a Wallet". If you already have a wallet from a different instance of Metamask, click on "Import Wallet" and enter your 12-word seed phrase which represents the private key that is associated with your wallet's address.

  1. Create a password for unlocking the wallet when you want to use it with a Web3 site that interfaces with one of the public blockchains
  2. Record your "secret backup phrase". This represents the private key for your wallet. If the computer that your wallet resides on dies and you have lost this phrase, your wallet funds are lost. If someone else gets your phrase, they can empty out your wallet. Fortunately, for the purposes of this course, we will only be using the test networks for our labs and not networks that require real $ so it won't matter if you lose it.

  1. Example

  1. Validate the phrase to ensure its correctness

  1. Success!

  1. Your recovery seed phrase can be used to move your wallet from browser to browser or from one machine to another. For CS students, we will go through this process in a subsequent lab in the course where we will transfer your wallet to an instance of an Ethereum light node that you will set up and run.

If you have managed to lose your secret recovery seed phrase, but still have access to the machine your wallet is on, you can log into the wallet and export it again. To do so, follow these instructions:

  1. Click on your account circle in upper right of the Metamask plug-in window, then click on "Settings" at the bottom

  1. Then, click on "Security & Privacy", then on "Reveal Seed Words"

  1. Copy words to a safe place
  2. When you wish to move your wallet to a different machine or browser, you can go to Metamask on the target machine/browser, then click on "Import Account" in UI to enter the seed words to recover access to your wallet.

To work with the labs in this course, perform the following within Metamask.

  1. Click on the Metamask icon
  2. Select the network drop-down and select the "Ropsten Test Network" if it hasn't been selected already

  1. Copy your public address on Ethereum

  1. Copy address and include it as the first entry into your lab notebook. This address must appear on screenshots for labs that appear in the rest of the lab notebook. Example in a Google Doc below:

  1. For CS students, create a file in your git repository at hw1/wallet.txt and copy the address into it. Commit and push it.

Grab up to 5 ETH from the faucet for your wallet(sources listed as below)

Metamask faucet

Belgian Ropsten faucet

We will be playing levels from Security Innovation's Blockchain CTF in order to get practice navigating smart contracts and seeing how they can be exploited. To setup an account on the CTF, perform the following

  1. Go to https://blockchain-ctf.securityinnovation.com. The Web3.js embedded on this site will try to automatically interact with Metamask to bind the wallet account you have created to the site. To do so, it will prompt you to connect to your wallet account in Metamask. This will be the case for other Web3 apps (e.g. Remix, Ropsten faucets, etc.)
  2. In the pop-up you receive, click "Connect"

  1. On the site, click "Sign Up"

  1. Sign up a username using the quarter and the year of the course along with your OdinID. You may not receive credit for your work on the CTF without having an appropriately named account. For example, for Fall of 2019, I would create a username on the site f19wuchang

  1. Confirm the transaction

  1. Click on "Dashboard" to show the game levels. You will be using your ETH to seed and deploy a series of vulnerable smart contracts running on Ropsten that you will then exploit The amount of ETH you can get back from the smart contracts determines your CTF score.
  1. Click "Login" if you need to return to dashboard if you've been signed out and need to reconnect your wallet to the site.

You are ready to perform the initial labs for the course (and are now one step closer to losing all of your ETH on the blockchain)! Celebrate (or not)! :)