# Level 4. Telephone

tx.origin is the sender of the transaction, not the caller of the method call.

# Level 6. Delegation

There exists a special variant of a message call, named delegatecall which is identical to a message call apart from the fact that the code at the target address is executed in the context of the calling contract and msg.sender and msg.value do not change their values.

This means that a contract can dynamically load code from a different address at runtime. Storage, current address and balance still refer to the calling contract, only the code is taken from the called address.

This makes it possible to implement the “library” feature in Solidity: Reusable library code that can be applied to a contract’s storage, e.g. in order to implement a complex data structure.

<address>.delegatecall(bytes memory) returns (bool, bytes memory)

issue low-level DELEGATECALL with the given payload, returns success condition and return data, forwards all available gas, adjustable

## Source

The instance must be the Delegation contract.

The fallback function of the Delegation contract tries to delegatecall the delegate address.

The Delegate contract has a pwn function that changes its owner to msg.sender. Since delegatecall does not change msg.sender, we can change the owner to our attacker address.

Notice that delegatecall only takes the code from the target address and executes it in the context of the current contract, so the effect of running pwn() is to change the owner variable of the Delegation contract. In both contracts owner is at storage[0].

## Exploit

Just call the fallback function of the Delegation contract with msg.data set to the 4-byte selector keccak('pwn()') = 0xdd365b8b.

# Level 7. Force

Some contracts will simply not take your money ¯_(ツ)_/¯

The goal of this level is to make the balance of the contract greater than zero.

## Decompiled

So the default fallback that is generated is simply a revert.

Well, I have no idea, so I searched for other people’s write-ups.

## Exploit

I first forgot to mark the constructor payable, and Remix kindly gave me warnings:

# Level 8. Vault

Unlock the vault to pass the level!

## Exploit

There are no secrets on the blockchain.

# Level 9. King

The contract below represents a very simple game: whoever sends it an amount of ether that is larger than the current prize becomes the new king. On such an event, the overthrown king gets paid the new prize, making a bit of ether in the process! As ponzi as it gets xD

Such a fun game. Your goal is to break it.

When you submit the instance back to the level, the level is going to reclaim kingship. You will beat the level if you can avoid such a self proclamation.

## Source

The transfer function fails if the balance of the current contract is not large enough or if the Ether transfer is rejected by the receiving account. The transfer function reverts on failure.

transfer reverts on failure, so as long as we refuse to accept the transfer, we can stop the rest of the code from executing.
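The failure mode described above, next to the usual pull-payment fix. This is an added example, not the level's source code; the contract names are hypothetical and Solidity 0.8 syntax is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration; contract names are hypothetical.

// Push payment: the old king is paid inside the call that crowns the new one.
contract PushKing {
    address payable public king;
    uint256 public prize;

    constructor() payable {
        king = payable(msg.sender);
        prize = msg.value;
    }

    receive() external payable {
        require(msg.value > prize, "bid too low");
        // transfer reverts if the current king rejects ether, which undoes
        // the whole call: the lines below never take effect.
        king.transfer(msg.value);
        king = payable(msg.sender);
        prize = msg.value;
    }
}

// Pull payment: crowning only records the debt. Each former king collects it
// in a separate call, so a rejecting recipient blocks only its own payout.
contract PullKing {
    address public king;
    uint256 public prize;
    mapping(address => uint256) public pendingWithdrawals;

    constructor() payable {
        king = msg.sender;
        prize = msg.value;
    }

    receive() external payable {
        require(msg.value > prize, "bid too low");
        pendingWithdrawals[king] += msg.value;
        king = msg.sender;
        prize = msg.value;
    }

    function withdraw() external {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pendingWithdrawals[msg.sender] = 0; // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
    }
}
```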

# Level 10. Re-entrancy

The goal of this level is for you to steal all the funds from the contract.

Things that might help:

- Untrusted contracts can execute code where you least expect it.
- Fallback methods
- Throw/revert bubbling
- Sometimes the best way to attack a contract is with another contract.
- See the Help page above, section “Beyond the console”

## Source

target: 0x22778878428C001234BC0d9A708D9664045d80BC

## Analysis

Originally, there was 1 ether in the contract, so our goal is to transfer this 1 ether back to our account.

address.transfer is safe as it has a gas stipend of 2300, but address.call.value().gas()() forwards all available gas (adjustable) and is not safe against reentrancy. Here is another reading.

## exp

Use the Checks-Effects-Interactions Pattern
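A withdraw function with the ordering problem described in the analysis, next to the Checks-Effects-Interactions version. This is an added example, not the level's source code; the contract names are hypothetical and Solidity 0.8 syntax is assumed, so `call{value: ...}` stands in for the older `call.value()`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration; contract names are hypothetical.

contract VulnerableBank {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Interaction before effect: call forwards all remaining gas, so the
    // recipient's fallback can re-enter withdraw() while balances[msg.sender]
    // still holds the old value and the check below passes again.
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        // unchecked mirrors pre-0.8 wrapping arithmetic; with 0.8 checked
        // arithmetic the underflow here would revert the nested calls.
        unchecked { balances[msg.sender] -= amount; }
    }
}

contract HardenedBank {
    mapping(address => uint256) public balances;
    bool private locked;

    // Second line of defence: reject any nested entry outright.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient balance"); // check
        balances[msg.sender] -= amount;                                   // effect
        (bool ok, ) = msg.sender.call{value: amount}("");                 // interaction
        require(ok, "send failed");
    }
}
```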

# Level 11. Elevator

This elevator won’t let you reach the top of your building. Right?

Things that might help:

- Sometimes solidity is not good at keeping promises.
- This Elevator expects to be used from a Building.

# Level 12. Privacy

The creator of this contract was careful enough to protect the sensitive areas of its storage.

Unlock this contract to beat the level.

Things that might help:

- Understanding how storage works
- Understanding how parameter parsing works
- Understanding how casting works

# Level 13. Gatekeeper One

## Source

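require(gasleft().mod(8191) == 0); I was a bit confused here. How do you measure how much gas has been consumed by the time execution reaches this point?

https://hitcxy.com/2019/ethernaut/

The callcode opcode executes code in the caller's own context, but msg.sender changes. ref

Opcodes custom-defined by geth

The two opcodes added in the Istanbul fork

The value 254 was found by debugging in Remix.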

# Level 16. Preservation

This contract utilizes a library to store two different times for two different timezones. The constructor creates two instances of the library for each time to be stored.

The goal of this level is for you to claim ownership of the instance you are given.

## Analysis

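When delegatecall invokes the external function, the storage slot positions do not line up, which allows tampering with arbitrarily chosen storage.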

target contract : 0x4464A38441e76713439883883752A60B02C24298

## Insights

As the previous level, delegate, mentions, the use of delegatecall to call libraries can be risky. This is particularly true for contract “libraries” that have their own state. This example demonstrates why the library keyword should be used for building libraries, as it prevents the libraries from storing and accessing state variables.

It is very dangerous for a library to read and write state variables, so the library keyword prevents this behavior.
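The slot mismatch behind this level (and the delegatecall semantics quoted under Level 6), next to a stateless `library`. This is an added example, not the level's source code; all contract, library and variable names are hypothetical and Solidity 0.8 syntax is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration; all contract and variable names are hypothetical.
// A stateful "library" deployed as an ordinary contract.
contract TimeLib {
    uint256 storedTime; // slot 0 of whichever contract runs this code

    function setTime(uint256 t) public {
        storedTime = t;
    }
}

// Risky caller: its slot 0 holds the library address, not a timestamp.
contract MismatchedCaller {
    address public timeLib;    // slot 0
    address public owner;      // slot 1
    uint256 public storedTime; // slot 2

    constructor(address lib) {
        timeLib = lib;
        owner = msg.sender;
    }

    // The callee's write to its slot 0 lands on this contract's slot 0,
    // so the call overwrites timeLib instead of storedTime.
    function setTime(uint256 t) public {
        (bool ok, ) = timeLib.delegatecall(
            abi.encodeWithSignature("setTime(uint256)", t)
        );
        require(ok, "delegatecall failed");
    }
}

// Hardened: a `library` cannot declare state variables; it only touches
// storage that the caller passes in explicitly.
library TimeStore {
    struct Data { uint256 storedTime; }
    function set(Data storage self, uint256 t) internal {
        self.storedTime = t;
    }
}

contract SafeCaller {
    using TimeStore for TimeStore.Data;
    address public owner = msg.sender;
    TimeStore.Data private time;
    function setTime(uint256 t) public { time.set(t); }
}
```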

# Level 17. Recovery

A contract creator has built a very simple token factory contract. Anyone can create new tokens with ease. After deploying the first token contract, the creator sent 0.5 ether to obtain more tokens. They have since lost the contract address.

This level will be completed if you can recover (or remove) the 0.5 ether from the lost contract address.

# Level 18. MagicNumber

To solve this level, you only need to provide the Ethernaut with a “Solver”, a contract that responds to “whatIsTheMeaningOfLife()” with the right number.

The solver’s code needs to be really tiny. Really reaaaaaallly tiny. Like freakin’ really really itty-bitty tiny: 10 opcodes at most.

## Analysis

The bytes type always stores a length field at its head.

## EXP

Hmm, using mstore8 does not pass; you have to use mstore.

# Level 19. Alien Codex

You’ve uncovered an Alien contract. Claim ownership to complete the level.

## Insights

This level exploits the fact that the EVM doesn’t validate an array’s ABI-encoded length vs its actual payload.

# Level 20. Denial

This is a simple wallet that drips funds over time. You can withdraw the funds slowly by becoming a withdrawing partner.

If you can deny the owner from withdrawing funds when they call withdraw() (whilst the contract still has funds) you will win this level.

## Analysis

Error handling: Assert, Require, Revert and Exceptions

Solidity uses state-reverting exceptions to handle errors. Such an exception undoes all changes made to the state in the current call (and all its sub-calls) and flags an error to the caller.

When exceptions happen in a sub-call, they “bubble up” (i.e., exceptions are rethrown) automatically unless they are caught in a try/catch statement. Exceptions to this rule are send and the low-level functions call, delegatecall and staticcall: they return false as their first return value in case of an exception instead of “bubbling up”.

# Level 21. Shop

Can you get the item from the shop for less than the price asked?

## EXP

jsvm hacker: 0x5B38Da6a701c568545dCfcB03FcB875f56beddC4
jsvm shop : 0xd9145CCE52D386f254917e481eB44e9943F39138

jsvm test

rinkeby hacker: 0x9B3754c0a0798aDe51e98c7a81aE73aAcf9C2e5F
rinkeby shop : 0xa0379c92AE6533b4C3f82606852E6ACc416DCc3A

final

# Level 22. Dex

The goal of this level is for you to hack the basic DEX contract below and steal the funds by price manipulation.

You will start with 10 tokens of token1 and 10 of token2. The DEX contract starts with 100 of each token.

You will be successful in this level if you manage to drain all of at least 1 of the 2 tokens from the contract, and allow the contract to report a “bad” price of the assets.

## Analysis

Hmm, would it be possible to write a new token of my own and bring it in to play?

## EXP

Remix's gas estimation: I would call it godlike.