Skip to content

Instantly share code, notes, and snippets.

@shubham-kanodia

shubham-kanodia/attack.sol

Created January 16, 2023 10:14
Show Gist options
  • Save shubham-kanodia/6fd4a4946c6ccd8b98bc50cbec977f58 to your computer and use it in GitHub Desktop.
Save shubham-kanodia/6fd4a4946c6ccd8b98bc50cbec977f58 to your computer and use it in GitHub Desktop.
Download ZIP
Secret number challenge
Raw
attack.sol
pragma solidity ^0.6.0;
contract SecretNumberAttack {
function attack(bytes32 hash) public returns (uint8) {
uint8 number;
uint8 secretNumber;
for (number = 0; number <= 256; number++) {
if (keccak256(abi.encodePacked(number)) == hash) {
secretNumber = number;
break;
}
}
return secretNumber;
}
}
Raw
description.md

Description

This contract protects the ownership using a secret number.

The goal of this level is to gain ownership of this contract.

Things that might help:

  • Range of different uint types
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;


contract SecretNumber {
    bytes32 answerHash = 0x763a7e0ee79faefad826c47a503fa6ee5c67f35d622ef6580ba47c2bb991c707;
    
    address public owner;
    
    constructor() public {
        owner = msg.sender;
    }
    
    function changeOwner(uint8 secretNumber) payable public {
        require(msg.value == 1 ether);
        
        if (keccak256(abi.encodePacked(secretNumber)) == answerHash) {
            owner = msg.sender;
            msg.sender.transfer(1 ether);
        }
    }
}

Solution

Although, it is very difficult to reverse a cryptographic hash, given a limited number of possibilities they can be brute forced.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment