DEV Community

Erhan Tezcan
Erhan Tezcan

Posted on

3 1

Ethernaut: 0. Hello Ethernaut

#solidity #ethereum #openzeppelin #security

Play the level

Welcome! It is going to be a long but immensely educational road. This level prepares you on how to use the console. Start by typing help()! Get comfortable with the commands you see there. You will need some test ether too, so please do visit the faucets linked there and get some ether!

  1. To start, click on the big blue button to get a new level instance. This will be your target contract on all puzzles. You will be doing stuff to it, hijacking it's ownership, draining its balance and whatever!

  2. The rest of the level starts by calling contract.info(). In Chrome v62 (or Brave browser), you can use await in the console. That makes things a lot easier; call await contract.info(). Note that once you get to contract. the console will show you the properties of the contract object, and there are a bunch of functions there!

  3. It tells us that we have what we need in info1(). So naturally, we will call await contract.info1().

  4. We are told to call info2() with "hello" parameter! We do so with await contract.info2("hello").

  5. We are told to check the infoNum() property. When we do so with await contract.infoNum() we get some weird stuff back in our console. What the hell is this?? Fret not, tis a mere BigNumber object. You can convert it to a number or string via toNumber() or toString(). Once we do so, we see that it denotes the number 42.

{
  negative: 0,
  words: [
    42,
    // empty
  ],
  length: 1,
  red: null
}
Enter fullscreen mode Exit fullscreen mode

  1. We know what to do already, let's call await contract.info42(). We see that we should have called theMethodName instead.

  2. So we do: await contract.theMethodName. Oh, we need to call method7123949 instead!

  3. Once we call await contract.method7123949(), we see the following message: "If you know the password, submit it to authenticate()". Do we know the password? There certainly seems to be a password() function as a property of our contract object, so let's call it!

  4. After await contract.password() we get the password as ethernaut0. Submitting this to await contract.authenticate("ethernaut0") prompts us to confirm a transaction!

Once that is mined, we seem to have nothing more to do. As the next natural thing to do, we may as well submit our instance (the orange button). Indeed, that is the end of the level! Congratulations, you are now ready for the real deal.

profile
Coherence
 Promoted

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Top comments (0)

profile
Pieces.app
 Promoted

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

Read next

rivkaavraham profile image

Nextjs Strapi

Rivka -

rivkaavraham profile image

Nextjs headless wordpress

Rivka -

lior_amsalem_3879371237f6 profile image

Heroku nextjs

Lior Amsalem -

lior_amsalem_3879371237f6 profile image

Woocommerce nextjs

Lior Amsalem -

👋 DEV Live Events

AWS Security LIVE!

Hosted by security experts, AWS Security LIVE! showcases AWS Partners tackling real-world security challenges. Join live and get your security questions answered.

Tune in to the full event

DEV is partnering to bring live events to the community. Join us or dismiss this billboard if you're not interested. ❤️