Jan 22, 2024

ScaleBit zkCTF 2024 Guide


Welcome to the forefront of blockchain innovation with our zkCTF contest! In this guide, we’ll navigate you through the registration process for the ScaleBit zkCTF 2024. Whether you’re a blockchain enthusiast or an aspiring developer, this challenge is your gateway to showcase your prowess in Zero-Knowledge technology. Let’s embark on this exciting journey together!

1. Register for a zkCTF account and log in.

Open the zkCTF website link, then click the registration button in the top right corner.


Then, complete the registration process according to the requirements in the following image. Please use your real email address for registration.


After completing the registration, a verification email will be sent to your inbox. Click on the link in the email to complete the verification process. Then, you can use this account to log in.

2. Create (Join) a team

As this competition allows team participation, participants can join an existing team or create their own (as shown in the following image).


If you don’t want to join a team immediately after registration, you can also click the ‘Teams’ button in the top right corner of the website to proceed later.

(1) Join a team

To join a team, you need to enter the correct team name and team password. Each team can have a maximum of two players.

(2) Create a team

To create a team, set the team name and team password. Share this information with your teammates so they can join your team.

After joining or creating a team, you can see the team members and their scores

The four buttons in the following image can be used to edit team information, select a team leader, obtain a team-sharing link, and delete the team.

Note that once you have earned points, you cannot disband the team on your own. If you need to disband the team, please contact the staff.

3. Environmental Configuration

The following operation steps can be viewed in the Installation - Circom 2 Documentation

3.1 Dependency Installation


The circom tool uses an editor written in Rust. To make Rust available on your system, you can install rustup. If you are using Linux or macOS, please open the terminal and enter the following command:

curl --proto '=https' --tlsv1.2 -sSf | sh

If you are using Windows, please go to the following website and install according to the instructions:

(2)Installing netcat(nc)

For Linux systems, install using the following command:

yum install -y nc

For Windows systems, install according to the following tutorial:


The Node.js version should preferably be 10 or above, and you also need to install a package management tool such as Npm or Yarn.

3.2 Installing Circom

(1)First, clone the circom repository to your local machine

git clone

(2)Enter the Circom directory and use cargo build to compile

cargo build --release

This command will take about three minutes to complete. Once successfully downloaded, it will generate the circom binary file in the directory target/release.

(3)Install the binary file

Note: Make sure you are still in the circom directory when you execute this command.

cargo install --path circom

The above command will install the circom binary file into the directory $HOME/.cargo/bin.


Now, you should be able to use the –help flag to view all options of the executable file:

3.3 Installing snarkjs

snarkjs is an npm package that contains code for generating and verifying ZK proofs from artifacts produced by circom. You can install snarkjs using the following command:

npm install -g snarkjs

3.4.Metamask Configuration

Metamask can be downloaded in the Chrome or Edge extensions

(1)Go to the Metamask page and click on the network option in the top left corner


(2)Click on ‘Add Network’


(3)Choose ‘Add Network Manually’ at the bottom


(4)Enter the correct parameters as shown in the image below, then click save.


(5)You can switch to this network on the main page.


4. Click the challenge button to enter the question page.

The document provides ‘checkin’ as an example of problem-solving.

5.Checkin Solving

For reference on using ZK to verify circuits, refer to the Proving circuits with ZK - Circom 2 Documentation document.
‘checkin’ is a circuit written in circom. Click on ‘checkin’.

This will display detailed information about the ‘checkin’ challenge, as follows:

This competition uses a custom RPC chain:

Test coin faucet address:

You can view detailed information about the challenge at

The detailed solution steps are as follows:


First, execute the ‘nc’ command, nc 20000.

(2)Obtain an Account

Select option 1 to get an external account for deploying contracts.

The account address and token will be returned.

(3) Deploy the Contract

Go to the test coin faucet website to get some test coins for the generated account, then execute the ‘nc’ command again, select option 2, enter the previously generated token to deploy the contract.


(4) View the Source Code

Execute the ‘nc’ command again, select option 4, to view the contract source code.


(5)Solve the Challenge

Go to the GitHub repository to view the given challenge information.


There are three files given:

  • a circom circuit,
  • a solidity verification contract,
  • a zkey.

This challenge requires us to call the ‘verify’ function in the checkin.sol contract with two correct parameters for successful verification.

According to the Proving circuits with ZK - Circom 2 Documentation, you can generate the parameters required for the solidity verification contract with the ‘snarkjs generatecall’ command. But this requires us to generate public.json and proof.json, which in turn require the zkey and wtns files. The zkey is already provided, so we need to generate the wtns file.

According to the Computing the witness - Circom 2 Documentation, you first need to compile the circom file, then go to the js folder, edit an input parameter json file, and then call the command ‘node generate_witness.js checkin.wasm input.json witness.wtns’ to generate the wtns file. Since the checkin challenge has no restrictions, we can use any two pieces of data, but note that we use strings, not numbers. The specific steps are as follows:

First step: Compile


Second step: Compute the witness

my input.json:

node generate_witness.js checkin.wasm input.json witness.wtns


Third step: Generate proof.json and public.json

Since the contract verification only needs _proof and _pubSignals, we use plonk instead of groth16 here

snarkjs plonk prove checkin.zkey witness.wtns proof.json public.json


Fourth step: Generate proof.json and public.json

Fifth step: Interact with the contract through Remix and Metamask, calling the function

Select ‘Injected Provider’ for the environment, which will automatically pop up the Metamask window for confirmation and connection to the wallet


Enter the generated contract address in the red box, click ‘At Address’, and you can see the contract interaction interface under ‘Deployed Contracts’


Enter the two generated parameters, click the yellow ‘verify’ button, a Metamask popup will appear, confirm the transaction (make sure your account has test coins when calling)


Wait for the transaction to complete, click ‘isSolved’ to check the flag status. If it’s true, it means the call was successful, and you can get the flag


(6)After successfully solving the challenge, execute the ‘nc’ command again, select option 3, enter the token generated in the first step, and obtain the flag


(7)Finally, submit the flag on the zkCTF website to get points


6.Continue Solving Problems

The solution steps for subsequent challenges are similar to the sample challenge ‘checkin’, for your reference. Good luck to all participants!

Thank you for following our guide on registering and participating in the ScaleBit zkCTF 2024. We’re excited to see the innovative solutions you’ll bring to the competition. Don’t hesitate – take the leap, register now, and be part of this cutting-edge blockchain journey. Good luck, and see you at the contest!

Register zkCTF 2024 NOW
Live Support in Telegram Group

About ScaleBit

ScaleBit, a subsidiary brand of BitsLab, is a blockchain security team that provides security solutions for Mass Adoption of Web3. With expertise in scaling technologies like blockchain interoperability and zero-knowledge proofs, we provide meticulous and cutting-edge security audits for blockchain applications. The team comprises security professionals with extensive experience in both academia and enterprise. Our mission is to provide security solutions for Web3 Mass Adoption and make security accessible for all.

Requests a quote