ConsenSys Diligence Ethereum Hacking Challenge

ConsenSys “not giving away ether” Diligence is giving away ether! Kind of.

ConsenSys Diligence is deploying a series of vulnerable smart contracts to put your hacking skills to the test. The first CTF challenge is dubbed Ethereum Sandbox, and is at 0x68cb858247ef5c4a0d0cde9d6f68dce93e49c02a. Exploit the contract and extract the 0.05 ether. There’s also a 200 DAI bounty up for grabs. The rules for winning the bounty:

  • If you’re first to extract the ETH and post a write-up on how you did it, you win the bounty (you’ll need to prove ownership of the attacker’s address)
  • If you’re not first to extract the ETH but solved the challenge, you can still post a write-up. In case the original thief does not claim the bounty, we’ll pick the best write-up as the winner.

To exploit the contract, you’ll need reverse engineering skills, deep Ethereum knowledge, and a healthy dose of critical thinking. If you have any questions, head to the MythX Discord. Good luck and have fun!

UPDATE

Congratulations to samczsun for solving this challenge! Take a look at his writeup.

The source code is now available here.