One of the ways different organizations evaluate the security of their data services is holding a specific kind of competition called “capture the flag”. In this competition, the organization defines some goals and problems for the participants which mainly consist of hacker teams. The participating teams should solve these problems within a specific duration of time. These goals or problems, which also called “flags”, are mainly a string of characters in a specific location.
Aside from the way these competitions are held, one of the main challenges that affect the participating teams and the quality of the competitions is the centralized structure of holding these competitions. In other words, in most competitions, after solving the problem and finding the flag, the participating teams should send their answers to a server to collect their reward base on the time spent and other parameters in case their answer is correct. However, because the way these competitions are held is centralized, there is always a risk that the organization holding the competition might not give the reward to the winning teams. There is also this problem that entering the competitions might cost a lot of money for participating teams and this prevents some talented teams from entering the competition and this might decrease the quality of the competition.
For solving this problem the competitions should be held in a decentralized and distributed manner so that the participating teams are sure of their reward in case they win. This surely helps more talented teams enter the competition which in return causes a more precise evaluation of the security of data services. For implementing a decentralized structure for holding these competitions, we use Ethereum based smart contracts.