Capture the Ether is a "Capture the Flag" style game in which you hack Ethereum smart contracts to learn about security.
Spoiler Alert !
In this write-up, I will go through the first four challenges in the category labeled "Lotteries". Each of these challenges has its own difficulty level and reward points. Basically you can solve them by "guessing?" the right value of a variable in a given smart contract.
Guess the number
The smart contract for this challenge looks like this:
It has three functions :
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.21; | |
| contract GuessTheNumberChallenge { | |
| uint8 answer = 42; | |
| function GuessTheNumberChallenge() public payable { | |
| require(msg.value == 1 ether); | |
| } | |
| function isComplete() public view returns (bool) { | |
| return address(this).balance == 0; | |
| } | |
| function guess(uint8 n) public payable { | |
| require(msg.value == 1 ether); | |
| if (n == answer) { | |
| msg.sender.transfer(2 ether); | |
| } | |
| } | |
| } |
GuessTheNumberChallenge(): a payable constructor that tells you how much Ether is required when deploying the smart contract.
isComplete(): it returns true when the smart contract's balance is equal to 0.
guess(uint8 n): It takes a uint8 as an argument and compares it with the variable declared in line 4. If the numbers are equal, you will have your Ethers sent back to your address. Note that this function is payable and requires exactly 1 Ether to be sent when making a call.
Obviously, all we have to do is to invoke guess() with 42 as an argument. I used Web3.js (Ethereum JavaScript API) and MetaMask for this.
First you'll need to get the smart contract's ABI that will be used to make a contract instance. the Remix IDE will provide you with everything you need to get this done.
Paste in the code shown bellow and click on "Details"
You can then copy the ABI by clicking on the clipboard icon.
Remember that you can still use Remix to compile, deploy and interact with your smart contracts without having to write any code. I kinda preferred using Web3.js because it's more robust.
The final code to invoke the guess() function should look like this:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var abi = [{"constant":false,"inputs":[{"name":"n","type":"uint8"}],"name":"guess","outputs":[],"payable":true,"stateMutability":"payable","type":"function"},{"constant":true,"inputs":[],"name":"isComplete","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"}]; | |
| var contract = web3.eth.contract(abi); | |
| var contractInstance = contract.at('0xeD108ab8e7436fAa61b55591262abE1FD2C2E4Cb'); | |
| contractInstance.guess(42, {value: 1000000000000000000}, function(err, res) { }); |
Notice that the transaction must have exactly 1 ether (1e18 wei) in its value field, otherwise it would fail.
Clicking the "Check the solution" button in the game should give this (nice pixel art btw):
Guess the secret number
The code for this challenge is as follow:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.21; | |
| contract GuessTheSecretNumberChallenge { | |
| bytes32 answerHash = 0xdb81b4d58595fbbbb592d3661a34cdca14d7ab379441400cbfa1b78bc447c365; | |
| function GuessTheSecretNumberChallenge() public payable { | |
| require(msg.value == 1 ether); | |
| } | |
| function isComplete() public view returns (bool) { | |
| return address(this).balance == 0; | |
| } | |
| function guess(uint8 n) public payable { | |
| require(msg.value == 1 ether); | |
| if (keccak256(n) == answerHash) { | |
| msg.sender.transfer(2 ether); | |
| } | |
| } | |
| } |
The challenge says :
Same as the previous challenge, but this time we need to find a number that was hashed using the Keccak-256 hashing algorithm.
By looking at the code, you'll notice that guess() takes a uint8 parameter, and according to the documentation, the highest value of this type is smaller than 2000. Makes things easy, right ?
Now we know that the number we're looking for is less than 2000, we'll need to write a quick script to brute force it.
Here is what I came up with :
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var answerHash = '0xdb81b4d58595fbbbb592d3661a34cdca14d7ab379441400cbfa1b78bc447c365'; | |
| for(var i=0; i<2000; i++) { | |
| if(web3.sha3(i.toString(16), {encoding: 'hex'}) == answerHash) { | |
| console.log('Answer Found: ' + i); | |
| break; | |
| } | |
| } |
Executing it would give 170 as an answer:
Guess the random number
The smart contract given in this one looks like this :
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.21; | |
| contract GuessTheRandomNumberChallenge { | |
| uint8 answer; | |
| function GuessTheRandomNumberChallenge() public payable { | |
| require(msg.value == 1 ether); | |
| answer = uint8(keccak256(block.blockhash(block.number - 1), now)); | |
| } | |
| function isComplete() public view returns (bool) { | |
| return address(this).balance == 0; | |
| } | |
| function guess(uint8 n) public payable { | |
| require(msg.value == 1 ether); | |
| if (n == answer) { | |
| msg.sender.transfer(2 ether); | |
| } | |
| } | |
| } |
Our smart contract was deployed to address 0xd5Ce10BE3745114aABf0382556439bA3Ecb2a524. We can easily lookup the block number in which the transaction was included using Etherscan.
Here is the script I used to calculate the answer using the appropriate parent hash and timestamp :
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var data = {}; | |
| web3.eth.getBlock(3045393, function(err, res) { | |
| data.parentHash = res.parentHash; | |
| data.timestamp = res.timestamp; | |
| var answerHash = web3.sha3([res.parentHash.slice(2), res.timestamp.toString(16).padStart(64, "0")].join(''), {encoding: 'hex'}) | |
| data.answer = parseInt(answerHash.slice(-2), 16); | |
| console.log(data); | |
| }); |
The answer for this challenge was 73.
Guess the new number
In this challenge, the answer is generated on the fly inside the guess() function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.21; | |
| contract GuessTheNewNumberChallenge { | |
| function GuessTheNewNumberChallenge() public payable { | |
| require(msg.value == 1 ether); | |
| } | |
| function isComplete() public view returns (bool) { | |
| return address(this).balance == 0; | |
| } | |
| function guess(uint8 n) public payable { | |
| require(msg.value == 1 ether); | |
| uint8 answer = uint8(keccak256(block.blockhash(block.number - 1), now)); | |
| if (n == answer) { | |
| msg.sender.transfer(2 ether); | |
| } | |
| } | |
| } |
My first approach to solve this was to predict the block timestamp based on the latest block's timestamp and the average block time which was 14 seconds at the time, and using a higher Gas price to ensure that my transaction is included in the next block.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| web3.eth.getBlock('latest', function(e, r) { | |
| var data = {number: r.number, hash: r.hash, timestamp: r.timestamp }; | |
| var sha3 = web3.sha3([data.hash.slice(2), (data.timestamp + 14).toString(16).padStart(64, "0")].join(''), {encoding: 'hex'}); | |
| data.answer = parseInt(sha3.slice(-2), 16); | |
| contractInstance.guess(data.answer, {value: 1000000000000000000}, function(x, v) { }) | |
| }); |
After a few attempts, I realized that I should be doing this from within a smart contract, since we'll have access to the transaction's properties (block.number and block.timestamp).
Here is the smart contract I made to call guess() from the GuessTheNewNumberChallenge contract with the correct values :
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.21; | |
| contract GuessTheNewNumberChallenge { | |
| function GuessTheNewNumberChallenge() public payable { | |
| require(msg.value == 1 ether); | |
| } | |
| function isComplete() public view returns (bool) { | |
| return address(this).balance == 0; | |
| } | |
| function guess(uint8 n) public payable { | |
| require(msg.value == 1 ether); | |
| uint8 answer = uint8(keccak256(block.blockhash(block.number - 1), now)); | |
| if (n == answer) { | |
| msg.sender.transfer(2 ether); | |
| } | |
| } | |
| } | |
| contract GuessTheNewNumber { | |
| address contractAddr = 0x1EcdC138B0607AE8f689B6E21EFD9AbEaBee2ACa; | |
| address owner; | |
| function() public payable {} | |
| function GuessTheNewNumber() public payable { | |
| require(msg.value == 1 ether); | |
| owner = msg.sender; | |
| } | |
| function withdraw() public { | |
| owner.transfer(address(this).balance); | |
| } | |
| function mguess() public { | |
| uint8 answer = uint8(keccak256(block.blockhash(block.number - 1), now)); | |
| GuessTheNewNumberChallenge s = GuessTheNewNumberChallenge(contractAddr); | |
| s.guess.value(1 ether)(answer); | |
| } | |
| } |
 |
| https://ropsten.etherscan.io/address/0xeabd25449222897ab4046ee172b0eb9ebbdc0d02#internaltx |
And voila, it's done.
Well, that's how far I could get for now. This game was extremely fun and I wish I had more free time to play more.
well done 😉😉. thank you for this
ReplyDelete