Qualifier Challenge - CROMU_00028

Original Versions

Known Vulnerabilities

  • CWE-129 - Improper Validation of Array Index
  • CWEs are listed as indicated by the challenge author.


  • ForAllSecure: 4.0
  • CodeJitsu: 2.45
  • TrailofBits: 0.14
  • Disekt: 0.0
  • TECHx: 0.0
  • Shellphish: 0.0
  • CSDS: 0.0
  • FuzzBOMB: 0.0
  • DeepRed: 0.0
  • The maximum score for each challenge in CQE is 4, following the CQE Scoring Document.

Passed consensus evaluation

  • CodeJitsu - CB1
  • CSDS - CB1
  • ForAllSecure - CB1
  • TECHx - CB1
  • TrailofBits - CB1

Proved a POV in reference challenge

Defense against reference POVs

  • ForAllSecure: 100.0% - CB1
  • CodeJitsu: 100.0% - CB1
  • TECHx: 100.0% - CB1
  • CSDS: 100.0% - CB1
  • TrailofBits: 100.0% - CB1

No submission

  • Eighth Place Team
  • Eleventh Place Team
  • Fifth Place Team - Finalist
  • First Place Team - Finalist
  • Fourth Place Team - Finalist
  • Ninth Place Team
  • Second Place Team - Finalist
  • Seventh Place Team - Finalist
  • Sixth Place Team - Finalist
  • Tenth Place Team
  • Third Place Team - Finalist
  • Thirteenth Place Team
  • Twelfth Place Team

All Submissions

Author Information

Bryce Kerley bk@cromulence.co

DARPA performer group

Cromulence (CROMU)


This challenge binary requires the solver to provide inputs for an algorithm that uses mixed floating point and integer operations on its inputs.

Feature List

The service opens with a simple "hello" message that must be returned by the client.

The client then sends 32 bits of input to the server, which is expanded using a custom RNG algorithm using mixed floating-point and integer operations. The algorithm then takes more input, for a total of 256 bits of input, to reach an end state matching certain hardcoded properties.

Once the end state has been reached, the client is provided access to a set data structure implemented as a bitmap on the stack. However, the address space of the structure is larger than its capacity, allowing stack writes outside of its bounds.


The set data structure on the stack has incorrect bounds checking, allowing user control of individual bits above it on the stack.

CWE classification

CWE-129 Improper Validation of Array Index


The primary difficulty with this challenge is solving for specific outputs with mixed floating-point and integer operations.

Curated by Lunge Technology, LLC. Questions or comments? Send us email