EVM Puzzle 2

Posted on In

Puzzle 2 is very similar to Puzzle 1, with the only difference being that this time we need to understand the CALLVALUE opcode. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
############
# Puzzle 2 #
############

00      34      CALLVALUE
01      38      CODESIZE
02      03      SUB
03      56      JUMP
04      FD      REVERT
05      FD      REVERT
06      5B      JUMPDEST
07      00      STOP
08      FD      REVERT
09      FD      REVERT

  • CALLVALUE : push the msg.value (in wei) to the stack
  • CODESIZE: push into the stack the contract’s code size in bytes
  • SUB: pop two values from the stack, subscract V1 (position 1 in the stack) from V0 (position 0 in the stack), pushing the result of the operation into the stack.

So, assuming our input value is X, when we execute the JUMP instruction, we jump to the value 10-X. Here, 10 represents the entire code size, and our target value is 6. Therefore, the input value we need is 4.

1
2
3
4
5
6
? Enter the value to send: 4

Puzzle solved!

Run it in evm.codes: https://www.evm.codes/playground?callValue=4&unit=Wei&callData=&codeType=Bytecode&code='34380356FDFD5B00FDFD'_