ConsenSys Diligence Ethereum Hacking Challenge #2

Mar 22, 2019 · 2 min read

ConsenSys Diligence is releasing a couple CTF challenges. The first one (“Ethereum Sandbox”) took advantage of changes introduced in the Constantinople upgrade. It was solved by samczsun.

The second challenge is called Rop EVM. Read some bytecode and write an exploit. It is at 0xEfa51BC7AaFE33e6f0E4E44d19Eab7595F4Cca87.

Exploit the contract and extract the 0.05 ether. There’s also a 100 DAI bounty up for grabs. The rules for winning the bounty are the same as last time:

  • If you’re first to extract the ETH and post a write-up on how you did it, you win the bounty (you will need to prove ownership of the attacker’s address — with this contract, if you are not careful, it is possible to send the ETH to an address that you do not control)
  • If you’re not first to extract the ETH but solved the challenge, you can still post a write-up. In case the original thief does not claim the bounty, we will pick the best write-up as the winner.

If you have any questions, head to the MythX Discord. Good luck and have fun!


Congratulations to samczsun for solving this challenge as well! Take a look at his fantastic writeup. Or extract the creation bytecode and continue to solve without the promise of a prize!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store