paint-brush
Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse themby@nicolezhu
4,852 reads
4,852 reads

Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse them

by NicoleZhuJuly 25th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

This is a <a href="https://medium.com/@nicolezhu" target="_blank">in-depth series</a> around <a href="https://openzeppelin.org/" target="_blank">Zeppelin</a>’s smart contract <a href="https://ethernaut.zeppelin.solutions/" target="_blank">security puzzles</a>. I’ll give you the direct resources and key concepts<em> </em>you’ll need to solve the puzzles 100% on your own.

Coin Mentioned

Mention Thumbnail
featured image - Ethernaut Lvl 0 Walkthrough: ABIs, Web3, and how to abuse them
NicoleZhu HackerNoon profile picture

Make a smart contract do things it didn’t want to…

This is a in-depth series around Zeppelin’s smart contract security puzzles. I’ll give you the direct resources and key concepts you’ll need to solve the puzzles 100% on your own.

Over the next weeks, we’ll reproduce how some serious hacks were induced, notably:

Required: Basic knowledge of smart contract development

How Ethernaut works

All smart contract source code are compiled into two formats, by the Ethereum Virtual Machine (EVM):

  • Application Binary Interface (ABI): a communication layer between solidity and Javascript, in JSON format
  • Bytecode: the low level machine language that gets executed by the the EVM

When you request get a new instance for each level, Ethernaut deploys the compiled bytecode to a new address on the Ropsten test network:

Once this new instance is created on the blockchain, its address is returned to your web client through an event, as seen in the game’s main contract, Ethernaut.sol:

https://github.com/OpenZeppelin/ethernaut/blob/master/contracts/Ethernaut.sol

Finally, Web3 wraps an ABI around this new contract instance, and allows you to interact with the contract through your web console.

Notice that all `public` functions are available in the web client

Detailed Walkthrough

This level requires you to guess a secret password in order to “get cleared” to move on.

  1. Notice that Ethernaut passed a secret _password into the constructor, when it created your contract instance:



function Instance(string _password) public {password = _password;}

2. This password is stored as a public string variable

string public password;

3. All public, basic variable types in Solidity have an auto-generated getter function. This means you can directly read this not-so-secret password by typing into the console:

await contract.password()

You can use async/await to work with Web3 promises with more ease

4. To pass this level, simply call the final authenticate function and pass in the retrieved password, via the console:

await contract.authenticate("[password here]");

You’ll be modifying storage in the authenticate function, so expect to pay some gas when calling this transaction.

5. Finally, you should be able to double check if you’ve passed this level:

await contract.getCleared();

Key Security Takeaways

  • All functions and variables stored on the blockchain are viewable by the public
  • Never store passwords directly inside a smart contract, (not even as private variables, as we’ll learn shortly)

More Levels


Ethernaut Lvl 1 Walkthrough: how to abuse the Fallback function_This is a in-depth series around Zeppelin team’s smart contract security puzzles. I’ll give you the direct resources…_hackernoon.com


Ethernaut Lvl 2 Fallout Walkthrough: how simple developer errors become big mistakes_This is a in-depth series around Zeppelin team’s smart contract security puzzles. I’ll give you the direct resources…_medium.com