#HOW_TO_PLAY #ETHERNAUT
⁉️ How To Play ?
1️⃣ Get Contract Address: Open the challenge web page [ https://ethernaut.openzeppelin.com/ ], click on Get new instance Button, check Console tab and copy Instance address
2️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
3️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
4️⃣ Hack: Call your attack() function, then submit Submit instance.
⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project
2️⃣ Deploy Contract
⁉️ Extra Notes
1️⃣ i put sepolia RPC url for you but you can get from [ https://chainlist.org/chain/11155111?testnets=true ]
2️⃣ you can get 0.25 ETH sepolia faucet daily from [ https://faucets.chain.link/sepolia ]
3️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
4️⃣ you can get more information about challenge from Console tab and call help() function
5️⃣ you can find challenges by searching using this hashtag syntax:
- #level_X (X = level number)
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
6️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
7️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
8️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
9️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch
🥷🍷 <Happy Hacking/>
⁉️ How To Play ?
1️⃣ Get Contract Address: Open the challenge web page [ https://ethernaut.openzeppelin.com/ ], click on Get new instance Button, check Console tab and copy Instance address
2️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
3️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
4️⃣ Hack: Call your attack() function, then submit Submit instance.
⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project
mkdir Ethernaut
cd Ethernaut
forge init .
2️⃣ Deploy Contract
forge create src/ATTACK_FILE_NAME.sol:ATTACK_CONTRACT_NAME --rpc-url wss://ethereum-sepolia-rpc.publicnode.com --private-key YOUR_WALLET_PRIVATE_KEY --value 0.01ether
⁉️ Extra Notes
1️⃣ i put sepolia RPC url for you but you can get from [ https://chainlist.org/chain/11155111?testnets=true ]
2️⃣ you can get 0.25 ETH sepolia faucet daily from [ https://faucets.chain.link/sepolia ]
3️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
4️⃣ you can get more information about challenge from Console tab and call help() function
5️⃣ you can find challenges by searching using this hashtag syntax:
- #level_X (X = level number)
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
6️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
7️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
8️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
9️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch
🥷🍷 <Happy Hacking/>
Openzeppelin
The Ethernaut
Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.
2️⃣ #ETHERNAUT #level_2 #Fallout
i solved this challenge using cast :
but i wrote the Solidity code too.
🥷🍷 <Happy Hacking/>
i solved this challenge using cast :
cast send $CHALLENGE_CONTRACT_ADDRESS "Fal1out()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY
but i wrote the Solidity code too.
🥷🍷 <Happy Hacking/>
4️⃣ #ETHERNAUT #level_4 #Telephone
must run the attack() function using cast:
🥷🍷 <Happy Hacking/>
must run the attack() function using cast:
cast send $CHALLENGE_CONTRACT_ADDRESS "attack(address)" $PLAYER_ADDRESS --rpc-url $RPC_URL --private-key $PRIVATE_KEY
🥷🍷 <Happy Hacking/>
6️⃣ #ETHERNAUT #level_6 #Delegation
must solve this challenge using cast and call the challenge contract :
but i wrote the Solidity Code too,
🥷🍷 <Happy Hacking/>
must solve this challenge using cast and call the challenge contract :
cast send $CHALLENGE_CONTRACT_ADDRESS "pwn()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY
but i wrote the Solidity Code too,
🥷🍷 <Happy Hacking/>
8️⃣ #ETHERNAUT #level_8 #Vault
you can access the private variables using cast :
🥷🍷 <Happy Hacking/>
you can access the private variables using cast :
cast storage $CHALLENGE_CONTRACT_ADDRESS 1 --rpc-url $RPC_URL
🥷🍷 <Happy Hacking/>
1️⃣2️⃣ #ETHERNAUT #level_12 #Privacy
you can access the private variables using cast :
🥷🍷 <Happy Hacking/>
you can access the private variables using cast :
cast storage $CHALLENGE_CONTRACT_ADDRESS 5 --rpc-url $RPC_URL
🥷🍷 <Happy Hacking/>
🔑 Smart Contract Obfuscation Techniques
1️⃣ https://titan.csit.rmit.edu.au/~e13322/hai_dong/papers/Bian_TSE2022.pdf
2️⃣ https://www.mecs-press.org/ijmsc/ijmsc-v8-n3/IJMSC-V8-N3-3.pdf
3️⃣ https://degatchi.com/articles/smart-contract-obfuscation/
1️⃣ https://titan.csit.rmit.edu.au/~e13322/hai_dong/papers/Bian_TSE2022.pdf
2️⃣ https://www.mecs-press.org/ijmsc/ijmsc-v8-n3/IJMSC-V8-N3-3.pdf
3️⃣ https://degatchi.com/articles/smart-contract-obfuscation/
🔥2
📦 Transient Storage
1️⃣ https://hackernoon.com/transient-storage-ethereums-game-changing-feature
2️⃣ https://etherworld.co/2022/12/13/transient-storage-for-beginners/
3️⃣ https://soliditylang.org/blog/2024/01/26/transient-storage/
4️⃣ https://youtu.be/0-hiB5I39Mk?si=-0qy3ZeiuW_L9D8p
5️⃣ https://solidity-by-example.org/transient-storage/
6️⃣ https://www.evm.codes/#5c?fork=cancun
1️⃣ https://hackernoon.com/transient-storage-ethereums-game-changing-feature
2️⃣ https://etherworld.co/2022/12/13/transient-storage-for-beginners/
3️⃣ https://soliditylang.org/blog/2024/01/26/transient-storage/
4️⃣ https://youtu.be/0-hiB5I39Mk?si=-0qy3ZeiuW_L9D8p
5️⃣ https://solidity-by-example.org/transient-storage/
6️⃣ https://www.evm.codes/#5c?fork=cancun
Hackernoon
Transient Storage: Ethereum's Game-Changing Feature
Explore Transient Storage in Ethereum: a game-changer reducing transaction costs and enhancing operations. Discover its mechanism, significance, and use cases.
🧩 Function's Correct order
[public/external/internal/private] [view/pure/none] [payable|OPTIONAL] [virtual|OPTIONAL] [override|OPTIONAL] [customModifier|OPTIONAL] [returns|OPTIONAL]
🔎 Decode The `msg.data`
⁉️ Why msg.data[4:] => Because the first 4-byte of data is function signature
⁉️ Why msg.data[4:] => Because the first 4-byte of data is function signature
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;
contract Decode {
function run(
string memory _i1,
address _i2,
uint256 _i3,
bool _i4
) public pure returns (
string memory,
address,
uint256,
bool
) {
return abi.decode(
msg.data[4:],
(string,address,uint256,bool)
);
}
}