Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse them by@nicolezhu

Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse them

July 25th 2018 4,300 reads
Read on Terminal Reader
react to story with heart
react to story with light
react to story with boat
react to story with money
image

image

Make a smart contract do things it didn’t want to…

This is a in-depth series around Zeppelin’s smart contract security puzzles. I’ll give you the direct resources and key concepts you’ll need to solve the puzzles 100% on your own.

Over the next weeks, we’ll reproduce how some serious hacks were induced, notably:

Required: Basic knowledge of smart contract development

How Ethernaut works

All smart contract source code are compiled into two formats, by the Ethereum Virtual Machine (EVM):

  • Application Binary Interface (ABI): a communication layer between solidity and Javascript, in JSON format
  • Bytecode: the low level machine language that gets executed by the the EVM

When you request get a new instance for each level, Ethernaut deploys the compiled bytecode to a new address on the Ropsten test network:

image

Once this new instance is created on the blockchain, its address is returned to your web client through an event, as seen in the game’s main contract, Ethernaut.sol:

https://github.com/OpenZeppelin/ethernaut/blob/master/contracts/Ethernaut.sol

Finally, Web3 wraps an ABI around this new contract instance, and allows you to interact with the contract through your web console.

image

Notice that all `public` functions are available in the web client

Detailed Walkthrough

This level requires you to guess a secret password in order to “get cleared” to move on.

  1. Notice that Ethernaut passed a secret _password into the constructor, when it created your contract instance:



function Instance(string _password) public {password = _password;}

2. This password is stored as a public string variable

string public password;

3. All public, basic variable types in Solidity have an auto-generated getter function. This means you can directly read this not-so-secret password by typing into the console:

await contract.password()

You can use async/await to work with Web3 promises with more ease

4. To pass this level, simply call the final authenticate function and pass in the retrieved password, via the console:

await contract.authenticate("[password here]");

You’ll be modifying storage in the authenticate function, so expect to pay some gas when calling this transaction.

5. Finally, you should be able to double check if you’ve passed this level:

await contract.getCleared();

Key Security Takeaways

  • All functions and variables stored on the blockchain are viewable by the public
  • Never store passwords directly inside a smart contract, (not even as private variables, as we’ll learn shortly)

More Levels


Ethernaut Lvl 1 Walkthrough: how to abuse the Fallback function_This is a in-depth series around Zeppelin team’s smart contract security puzzles. I’ll give you the direct resources…_hackernoon.com


Ethernaut Lvl 2 Fallout Walkthrough: how simple developer errors become big mistakes_This is a in-depth series around Zeppelin team’s smart contract security puzzles. I’ll give you the direct resources…_medium.com

react to story with heart
react to story with light
react to story with boat
react to story with money

Related Stories

L O A D I N G
. . . comments & more!