This is an in-depth series around Zeppelin's smart contract security puzzles. I'll give you the direct resources and key concepts you'll need to solve the puzzles 100% on your own.
Over the next few weeks, we'll reproduce how some serious hacks came about, notably:
Required: Basic knowledge of smart contract development
All smart contract source code is compiled by the Solidity compiler into two artifacts: the EVM bytecode, which is what actually gets deployed and executed by the Ethereum Virtual Machine (EVM), and the ABI (Application Binary Interface), a JSON description of the contract's functions and their argument types that clients use to talk to the deployed bytecode.
When you request a new instance for a level, Ethernaut deploys the compiled bytecode to a new address on the Ropsten test network:
Once this new instance is created on the blockchain, its address is returned to your web client through an event, as seen in the game's main contract, Ethernaut.sol:
https://github.com/OpenZeppelin/ethernaut/blob/master/contracts/Ethernaut.sol
Finally, Web3 wraps the contract's ABI around this new instance, which lets you interact with the contract through your browser's web console.
Notice that all `public` functions are available in the web client.
This level requires you to guess a secret password in order to “get cleared” to move on.
1. Ethernaut passed a `_password` into the constructor when it created your contract instance:

```solidity
// Old-style constructor (Solidity < 0.4.22): a function named after the contract.
function Instance(string _password) public { password = _password; }
```
2. This password is stored in a `public` `string` state variable:

```solidity
string public password;
```
3. Every `public` state variable of an elementary type in Solidity gets an auto-generated getter function with the same name. This means you can read the not-so-secret password directly by typing into the console:

```javascript
await contract.password()
```
You can use `async`/`await` to work with Web3 promises more easily.
4. To pass this level, simply call the final `authenticate` function and pass in the retrieved password, via the console:

```javascript
await contract.authenticate("[password here]");
```
Unlike `password()`, which is a read-only call, `authenticate` modifies contract storage, so it is sent as a transaction that has to be mined; expect to pay some gas for it.
5. Finally, you should be able to double check that you've passed this level:

```javascript
await contract.getCleared();
```
`private` variables, as we'll learn shortly)
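To make concrete what Web3 is doing with the ABI in steps 3 and 4, here is an added example (not code from the Ethernaut project or from this article). It derives the 4-byte function selector from the keccak256 hash of the canonical signature, ABI-encodes the `string` argument, decodes the `string` that `password()` returns, and records whether a call is a read-only `eth_call` or a gas-paying transaction. The ABI entries and the sample password `ethernaut0` are constructed for the example, and the Keccak-256 routine is written out from the specification so the script runs in plain Node.js with no dependencies.

```javascript
// Added example, not code from Ethernaut or from this article: what web3 does with the ABI when
// you run `contract.password()` or `contract.authenticate(pw)` in the console. Plain Node.js, no
// dependencies. The ABI entries and the sample password are constructed for this example.
const MASK64 = (1n << 64n) - 1n;

function rotl64(v, n) {
  n %= 64;
  return n === 0 ? v : ((v << BigInt(n)) | (v >> BigInt(64 - n))) & MASK64;
}

// Keccak-f[1600] permutation over a 200-byte state; lane (x, y) is A[x + 5y], little-endian.
function keccakF1600(state) {
  const A = [];
  for (let i = 0; i < 25; i++) {
    let v = 0n;
    for (let b = 7; b >= 0; b--) v = (v << 8n) | BigInt(state[i * 8 + b]);
    A.push(v);
  }
  let lfsr = 1;
  for (let round = 0; round < 24; round++) {
    // theta: XOR each lane with the parity of two neighbouring columns
    const C = [0, 1, 2, 3, 4].map((x) => A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20]);
    for (let x = 0; x < 5; x++) {
      const D = C[(x + 4) % 5] ^ rotl64(C[(x + 1) % 5], 1);
      for (let y = 0; y < 25; y += 5) A[x + y] ^= D;
    }
    // rho + pi: rotate lanes by triangular numbers while walking the (x, y) -> (y, 2x + 3y) cycle
    let px = 1, py = 0, cur = A[1];
    for (let t = 0; t < 24; t++) {
      [px, py] = [py, (2 * px + 3 * py) % 5];
      const i = px + 5 * py;
      [cur, A[i]] = [A[i], rotl64(cur, ((t + 1) * (t + 2)) / 2)];
    }
    // chi: the only non-linear step, applied row by row
    for (let y = 0; y < 25; y += 5) {
      const row = A.slice(y, y + 5);
      for (let x = 0; x < 5; x++) A[y + x] = row[x] ^ (~row[(x + 1) % 5] & MASK64 & row[(x + 2) % 5]);
    }
    // iota: round constant bits produced by Keccak's 8-bit LFSR
    for (let j = 0; j < 7; j++) {
      lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) & 0xff;
      if (lfsr & 2) A[0] ^= 1n << BigInt((1 << j) - 1);
    }
  }
  for (let i = 0; i < 25; i++) {
    let v = A[i];
    for (let b = 0; b < 8; b++) { state[i * 8 + b] = Number(v & 0xffn); v >>= 8n; }
  }
}

// Keccak-256 as Ethereum uses it: rate 136 bytes and the original 0x01 padding (SHA-3 uses 0x06).
function keccak256(bytes) {
  const RATE = 136;
  const state = new Uint8Array(200);
  let off = 0;
  for (; bytes.length - off >= RATE; off += RATE) {
    for (let i = 0; i < RATE; i++) state[i] ^= bytes[off + i];
    keccakF1600(state);
  }
  for (let i = 0; off + i < bytes.length; i++) state[i] ^= bytes[off + i];
  state[bytes.length - off] ^= 0x01;
  state[RATE - 1] ^= 0x80;
  keccakF1600(state);
  return Buffer.from(state.subarray(0, 32)).toString('hex');
}

// Constructed ABI for the two functions this level uses (shape assumed, not Ethernaut's own artifact).
const ABI = [
  { type: 'function', name: 'password', inputs: [], outputs: [{ type: 'string' }], stateMutability: 'view' },
  { type: 'function', name: 'authenticate', inputs: [{ type: 'string' }], outputs: [], stateMutability: 'nonpayable' },
];

const word = (n) => n.toString(16).padStart(64, '0');
// Canonical signature such as "authenticate(string)"; the first 4 bytes of its keccak256 select the function.
const signatureOf = (fn) => `${fn.name}(${fn.inputs.map((i) => i.type).join(',')})`;
const selector = (fn) => keccak256(Buffer.from(signatureOf(fn), 'utf8')).slice(0, 8);

// ABI encoding of one `string`: head word = tail offset (0x20); tail = length word + UTF-8 bytes padded to 32.
function encodeString(s) {
  const data = Buffer.from(s, 'utf8');
  return word(32) + word(data.length) + data.toString('hex').padEnd(Math.ceil(data.length / 32) * 64, '0');
}

// The inverse, which web3 applies to the raw eth_call result of password() before showing you a string.
function decodeString(hex) {
  const h = hex.startsWith('0x') ? hex.slice(2) : hex;
  const offset = parseInt(h.slice(0, 64), 16) * 2;
  const len = parseInt(h.slice(offset, offset + 64), 16) * 2;
  return Buffer.from(h.slice(offset + 64, offset + 64 + len), 'hex').toString('utf8');
}

// Calldata web3 builds for `contract.<name>(...args)` and whether it must go out as a transaction.
// Only zero or one `string` argument is handled, which is all this level needs.
function encodeCall(name, args = []) {
  const fn = ABI.find((f) => f.type === 'function' && f.name === name);
  if (!fn || fn.inputs.length !== args.length) throw new Error(`no ABI entry for ${name} with ${args.length} args`);
  if (fn.inputs.length > 1 || fn.inputs.some((i) => i.type !== 'string')) throw new Error('unsupported argument list');
  const data = '0x' + selector(fn) + (args.length ? encodeString(args[0]) : '');
  // view/pure functions are answered locally by the node via eth_call; anything else is a gas-paying transaction
  return { data, isTransaction: !['view', 'pure'].includes(fn.stateMutability) };
}

const read = encodeCall('password');                     // step 3: eth_call, no gas
const write = encodeCall('authenticate', ['ethernaut0']); // step 4: eth_sendTransaction, costs gas
console.log(read, write, decodeString(encodeString('ethernaut0')));
```

Run it with `node`. The point to take away is that `password()` is a `view` function: the node answers the `eth_call` from its own copy of contract state without touching the chain, which is why step 3 costs nothing and why anything stored on-chain is readable by whoever asks. `authenticate` has no `view` modifier, so the same kind of calldata goes out as `eth_sendTransaction`, is mined, and is paid for in gas.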
Ethernaut Lvl 1 Walkthrough: how to abuse the Fallback function (hackernoon.com)
Ethernaut Lvl 2 Fallout Walkthrough: how simple developer errors become big mistakes (medium.com)