Ethernaut by OpenZeppelin is a great learning resource for EVM learners, covering crucial knowledge such as storage layout, delegatecall, selfdestruct, and more. Learn about the functionality and, more importantly, the pitfalls that create security risk. I'm sharing my experience and tips for cracking the levels.
Useful Links (Tools)
Levels
Hello Ethernaut
- This exercise is trivial. Just follow info(), get the password, and call authenticate().
Fallback
- Call contribute() with a tiny amount
- Send a tiny amount to the contract and the owner will be changed (this triggers receive())
- Call withdraw() to get all the amount
Fallout
- There's a typo in the method name Fal1out(). Just call it and you become the owner
CoinFlip
- The contract uses the block value to determine the flipping result
- Create another contract to trigger the guess. Within the same transaction we get exactly the same block value as the checking method, so we can always pre-compute the correct answer
- contract code snippet
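Why a block-derived "coin" carries no randomness, shown as an added Python model (not the author's snippet and not the Ethernaut contract). The toy chain, the sha256 stand-in for block hashes, the 2**255 divisor and all names are assumptions made for illustration.

```python
import hashlib

HALF = 2 ** 255  # assumed divisor: maps a 256-bit block value to side 0 or 1

class Chain:
    """Constructed toy chain: each block hash is sha256 of the previous one."""
    def __init__(self, seed=b"constructed-genesis"):
        self.hashes = [hashlib.sha256(seed).digest()]

    def mine(self):
        self.hashes.append(hashlib.sha256(self.hashes[-1]).digest())

    def block_value(self):
        # Stand-in for the block value; identical for every call in one block.
        return int.from_bytes(self.hashes[-1], "big")

class CoinFlipModel:
    """Model of a contract that derives the coin side from the block value."""
    def __init__(self, chain):
        self.chain, self.consecutive_wins = chain, 0

    def flip(self, guess):
        side = self.chain.block_value() // HALF == 1
        self.consecutive_wins = self.consecutive_wins + 1 if side == guess else 0
        return side == guess

def same_transaction_caller(chain, target):
    """Models the second contract: same block, so it reads the same value."""
    guess = chain.block_value() // HALF == 1
    return target.flip(guess)

def run(rounds=10):
    chain = Chain()
    target = CoinFlipModel(chain)
    for _ in range(rounds):
        same_transaction_caller(chain, target)
        chain.mine()  # the next round happens in a new block
    return target.consecutive_wins

def fixed_guess_wins(rounds=200):
    """Baseline: a caller that cannot read the block value always guesses True."""
    chain, wins = Chain(), 0
    for _ in range(rounds):
        wins += chain.block_value() // HALF == 1
        chain.mine()
    return wins

if __name__ == "__main__":
    print(run(10), fixed_guess_wins(200))
```

The caller that shares the block wins every round, while the blind baseline lands near half: the "coin" is a deterministic function of public state, which is why on-chain block data should not be used as a randomness source.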