Forum Discussion
Bronze IIIAnyone finished the "Etherium Smart Contracts"?
Need help on three labs on the Ethereum smart contracts. I managed to do some but stuck on 3 of them so far:
Brute force the hash?
Can't get my code to work for prediciting the numbers...
Absolutely no idea....
Any help would be appreciated :)
11 Replies
IotS2024async function exploit() { try { // Step 1: Get the last block number web3.eth.getBlockNumber((error, lastBlockNumber) => { if (error) { console.error("Error fetching block number:", error); } else { lastBlockNumber -= 1; // Adjust for the previous block console.log("Last Block Number:", lastBlockNumber); // Step 2: Fetch the block details using the block number web3.eth.getBlock(lastBlockNumber, (error, block) => { if (error) { console.error("Error fetching block details:", error); } else { console.log("Block Details:", block); let blockHash = block.hash; console.log("Block Hash:", blockHash); // Step 3: Convert the block hash to BigNumber let hashVal = web3.toBigNumber("0x" + blockHash.substring(2)); console.log("Block Hash (BigNumber):", hashVal.toString()); // Step 4: Define the factor and max values let FACTOR = web3.toBigNumber("35747612576471498868021289613942548619904587962479648126103951055944713673995"); let max = web3.toBigNumber(10); // Step 5: Calculate the factor let factor = FACTOR.mul(100).div(max); console.log("Factor:", factor.toString()); // Step 6: Generate the random number based on block hash let randomNumber = hashVal.div(factor).mod(max).add(1).toNumber(); // Ensure it's within range console.log("Generated Random Number (BigNumber):", randomNumber.toString()); // Step 7: Interact with the contract contract.guess(randomNumber).then((result) => { console.log("Guess sent: Success!", result); // Step 8: Query the contract for the number of successful guesses contract.correctNumberCount() .then((correctNumberCount) => { console.log(`Number of successful guesses: ${correctNumberCount}`); }) .catch((error) => { console.error("Error fetching correct number count:", error); }); }) .catch((error) => { console.error("Error sending guess:", error); }); } }); } }); } catch (error) { console.error("Unexpected error:", error); } } exploit();I tried this one so far for EP-4. Do I have an error in my thoughts?
- netcat
Silver III
Got logged out, answer vanished. Short version:
If your write JS code that is correct you'll never get the same result.
If your write a smart contract that is correct you'll get the same result.
Why...?
Don't read the hint, unless you really want a hint.
Hint 1: Write both JS and smart contract side to side...more hints on request.
- IotS2024
you are right. EP-3 is done already. typo. It is EP-2
- steven
Silver II
puuuh.... I did all of them with some help from netcat
Ep2 > check the chain explorer, you'll find something that you can decode. no brute force needed.
Ep4 > you need to make sure you understand the BigInt in JS vs in ethereum. then you can work with that...
Ep5> empty contract, wtf?! :) --> https://docs.soliditylang.org/en/v0.8.0/contracts.html#receive-ether-function with selfdestruct might give you some ideas...
- IotS2024
Wow, that are some interesting thoughts.
EP2: Tried Bytecode decompilation (with various solidity decompilers) and cyber chef, but my brain blocks when it reads blockchain and java
EP4: I will look into this, thank you for the advise
EP5: This is a very very interesting approach. It looks very promising. Thx for that hint :)- IotS2024
EP5: I set up an own contract with a selfDestruct function. The payout address on destruction was set to the Robin Hood contract address. So on destruction the payout should go to this contract and could not be reversed (at least that was my approach).
Did I make something wrong or is this the wrong approach?
I used the console and truffle for this approach. And yes, I transferred ether to the new deployed contract.
