Skip to content

yoyoj1023/ethernaut-level-solutions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
00_HelloEthernaut
00_HelloEthernaut
 
 
01_Fallback
01_Fallback
 
 
02_Fallout
02_Fallout
 
 
03_CoinFlip
03_CoinFlip
 
 
04_Telephone
04_Telephone
 
 
05_Token
05_Token
 
 
06_Delegation
06_Delegation
 
 
07_Force
07_Force
 
 
08_Vault
08_Vault
 
 
09_King
09_King
 
 
10_Reentrance
10_Reentrance
 
 
11_Elevator
11_Elevator
 
 
12_Privacy
12_Privacy
 
 
13_GatekeeperOne
13_GatekeeperOne
 
 
14_GatekeeperTwo
14_GatekeeperTwo
 
 
15-naught-coin
15-naught-coin
 
 
16-preservation
16-preservation
 
 
17-recovery
17-recovery
 
 
18-magic-number
18-magic-number
 
 
19-alien-codex
19-alien-codex
 
 
20-denial
20-denial
 
 
21-shop
21-shop
 
 
22-dex
22-dex
 
 
23-dex2
23-dex2
 
 
24-puzzle-wallet
24-puzzle-wallet
 
 
25-motorbike
25-motorbike
 
 
README.md
README.md
 
 

Repository files navigation

Ethernaut Level Solutions

This is a solution repository for Ethernaut CTF, containing solutions, solving strategies, and related Solidity knowledge for each level. Ethernaut is a smart contract security challenge platform provided by OpenZeppelin, designed to help developers learn and understand smart contract vulnerabilities and attack methods.

Project Structure

The project directory is organized by level sequence, with each directory corresponding to a specific level containing the following:

  • README.md: Detailed explanation of solving strategies, knowledge supplements, and challenge process for each level.
  • contracts/: Smart contracts involved in the level, including original contracts and attack contracts.
  • scripts/: Scripts for interacting with contracts, used for deployment, attacks, or verification of solutions.
  • hardhat.config.ts: Hardhat configuration file containing network settings and compiler versions.
  • package.json: Project dependency management file.

Level List

Below are the currently completed levels with brief descriptions:

  1. 00_HelloEthernaut: Introduction to basic operations of the Ethernaut platform.
  2. 01_Fallback: Learn the characteristics of fallback functions and claim contract ownership.
  3. 02_Fallout: Understand constructor naming conventions and become the contract owner.
  4. 03_CoinFlip: Predict coin flip results using block hash values, guessing correctly 10 times in a row.
  5. 04_Telephone: Exploit the difference between tx.origin and msg.sender to claim ownership.
  6. 05_Token: Trigger underflow vulnerability to increase your token balance.
  7. 06_Delegation: Use delegatecall attack to claim contract ownership.
  8. 07_Force: Use selfdestruct to forcibly send ETH to the target contract.
  9. 08_Vault: Read private variables through storage slots to unlock the vault.
  10. 09_King: Become the king and prevent others from claiming the king position.
  11. 10_Reentrance: Launch a reentrancy attack to withdraw all funds from the contract.
  12. 11_Elevator: Use external contracts to override logic and reach the top floor of the elevator.
  13. 12_Privacy: Read sensitive data through storage slots to unlock the privacy contract.
  14. 13_GatekeeperOne: Pass through 3 gates, requiring precise calculation of gasleft() and familiarity with data type conversion.
  15. 14_GatekeeperTwo: Pass through 3 gates, requiring understanding of extcodesize(caller()) properties and familiarity with XOR operators.
  16. 15-naught-coin: Understand ERC20's approve() and transferFrom() to transfer tokens out.
  17. 16-preservation: Use delegatecall to overwrite library reference addresses.
  18. 17-recovery: Find deployed contract addresses from the contract factory.
  19. 18-magic-number: Use raw low-level EVM opcodes to create tiny contracts.
  20. 19-alien-codex: Exploit dynamic array overflow and storage slot layout to overwrite contract owner variables.
  21. 20-denial: Perform denial-of-service attacks by consuming all gas to prevent contract owners from withdrawing funds.
  22. 21-shop: Exploit external contract state changes to return different price values within the same transaction.
  23. 22-dex: Drain tokens through price manipulation attacks, exploiting imbalances in decentralized exchange liquidity pools.
  24. 23-dex2: Exploit DEX's lack of token whitelist verification by creating malicious tokens and manipulating price calculation formulas to extract all tokens from the liquidity pool.
  25. 24-puzzle-wallet: Exploit storage collision vulnerabilities between proxy and implementation contracts, combined with multicall logic flaws to manipulate contract balance and claim admin privileges.
  26. 25-motorbike: Exploit UUPS proxy contract vulnerabilities by directly initializing the logic contract, then upgrading to a malicious contract that executes selfdestruct to destroy the logic contract (Note: Due to EIP-6780, selfdestruct cannot permanently delete contract code after the Cancun hard fork).

Usage

  1. Install dependencies:
npm install
  1. Compile contracts:
npx hardhat compile
  1. Deploy contracts:
npx hardhat run scripts/deploy_<script_name>.js --network <network_name>
  1. Run interaction scripts:
npx hardhat run scripts/<script_name>.js --network <network_name>

Requirements

  • Node.js 16+
  • Hardhat
  • Solidity 0.8.x
  • Optimism Sepolia testnet (or other supported testnets)

Contact

If you have any suggestions or questions about this project, feel free to contact me!

Ethernaut is an excellent platform for learning smart contract security. Through these challenges, you will gain a deeper understanding of smart contract vulnerabilities and defense techniques. I hope these solutions help you master the relevant knowledge more quickly!

About

Soilidity CTF: My solutions for each level of Ethernaut

Topics

ethernaut

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages