Back to challenges
Open to all

Arkiv Audit Trail - Verify the Ledger

Turn your team’s audit entity to status="Audit Completed" by publishing checksum verifications for all listed statements.

Beginner

Reward Details

$150 worth of GLM tokens

Arkiv Audit Trail - Verify the Ledger

Difficulty: Beginner

Three pending statements need your sign-off. Hash each record exactly, prove the checksums on-chain, and clear the audit queue.

Objective

Turn your team’s audit entity to status="Audit Completed" by publishing checksum verifications for all listed statements.

How To Join

Install the Arkiv SDK and follow the quickstart at https://arkiv.network/#getting-started.

Choose and fund the wallet you will use, then export it as ARKIV_PRIVATE_KEY (the 0x prefix is optional). Use the Mendoza faucet at https://mendoza.hoodi.arkiv.network/faucet/ and watch entities via https://explorer.mendoza.hoodi.arkiv.network/.

Point your scripts at the Mendoza endpoints before running anything:

export ARKIV_RPC_URL=https://mendoza.hoodi.arkiv.network/rpc
export ARKIV_WS_URL=wss://mendoza.hoodi.arkiv.network/rpc/ws

Register on-chain by creating an entity with register_for="arkiv-audit-trail" and team="<your team name>".

Example registration snippet:

#!/usr/bin/env bun

import { createWalletClient, http, type Hex } from "@arkiv-network/sdk"
import { privateKeyToAccount } from "@arkiv-network/sdk/accounts"
import { mendoza } from "@arkiv-network/sdk/chains"
import { ExpirationTime, jsonToPayload } from "@arkiv-network/sdk/utils"

const SLUG = "arkiv-audit-trail"
const RPC_URL = process.env.ARKIV_RPC_URL ?? "https://mendoza.hoodi.arkiv.network/rpc"

async function register(team: string): Promise<void> {
    const privateKey = (process.env.ARKIV_PRIVATE_KEY ?? "").trim() as Hex
    if (!privateKey) {
        throw new Error("Set ARKIV_PRIVATE_KEY before running this script")
    }

    const account = privateKeyToAccount(privateKey)
    const walletClient = createWalletClient({ chain: mendoza, transport: http(RPC_URL), account })

    const { entityKey, txHash } = await walletClient.createEntity({
        payload: jsonToPayload({ intent: "register" }),
        contentType: "application/json",
        attributes: [
            { key: "register_for", value: SLUG },
            { key: "team", value: team },
        ],
        expiresIn: ExpirationTime.fromMinutes(10),
    })

    console.log(`Registered ${team} entity=${entityKey} tx=${txHash}`)
}

register("your-team-name").catch((error) => {
    console.error(error)
    process.exit(1)
})

After registration the service provisions an audit entity annotated with ctf="arkiv-audit-trail" and audit_for="<registration id>". Each payload lists three statements with id, prefix, description, and content. Hash each content string with SHA-256, then publish a verification entity annotated with verify_for_audit="<audit id>", statement_id="<id>", and team. The JSON body must be { "checksum": "<64-hex-sha256>" }. Three correct hashes move the audit to Audit Completed and reveal the flag.

Support

Drop a message in the #CTFs channel on Discord.