You will understand how to trick a block explorer into displaying different byte code of your choosing, other than the one deployed on the chain.
This is important because a user can be tricked by a hacker to think they interact with a good contract, when actually the user interacts with malicious contract. It is indeed the same contract address, but the byte code is not the one reported by the block explorer.
This is going to be a series about some of the techniques I implemented when designing Karl, a free tool that finds exploitable code in live smart contracts.
When I monitor the Ethereum blockchain for vulnerable contracts, I need a way to determine if the vulnerabilities I find are the real thing, or merely a scattering of false positives and honeypots. I’ve been able to mitigate this possibility by testing for vulnerabilities in a virtual copy of the blockchain.
A blockchain clone is useful because we could break the contract arbitrarily sending transactions to it. Remember “I accidentally killed it”?
The second challenge makes you think a little bit. It’s not that hard, but it assumes you already know how to run a transaction.
The challenge is quite simple to understand
Unlock the Safe
Just enter the correct pin
It’s quite simple because there’s no real hacking we need to do. This is an intro challenge that makes sure you can run transactions and understand what the ABI is.
My basic tool set for solving challenges consists of
You can find the challenge here.
Donate to Bob Smith!
Bob Smith is a name you…