ConsenSys Diligence Ethereum Hacking Challenge #2

Nathan
Mar 22, 2019

ConsenSys Diligence is releasing a couple of CTF challenges. The first one (“Ethereum Sandbox”) took advantage of changes introduced in the Constantinople upgrade. It was solved by samczsun.

The second challenge is called Rop EVM: read some bytecode and write an exploit. The contract is deployed at 0xEfa51BC7AaFE33e6f0E4E44d19Eab7595F4Cca87.

Exploit the contract and extract the 0.05 ether. There’s also a 100 DAI bounty up for grabs. The rules for winning the bounty are the same as last time:

  • If you’re first to extract the ETH and post a write-up on how you did it, you win the bounty. You will need to prove ownership of the attacker’s address; with this contract, if you are not careful, it is possible to send the ETH to an address that you do not control.
  • If you’re not first to extract the ETH but solved the challenge, you can still post a write-up. In case the original thief does not claim the bounty, we will pick the best write-up as the winner.

If you have any questions, head to the MythX Discord. Good luck and have fun!

UPDATE

Congratulations to samczsun for solving this challenge as well! Take a look at his fantastic write-up, or extract the creation bytecode and solve it yourself, without the promise of a prize.
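If you do pull the bytecode and work through it by hand, the first trap is reading it byte by byte: PUSH1..PUSH32 carry inline immediates, and a 0x5b inside those immediates is data, not a JUMPDEST the EVM will let you jump to. The small disassembler below is an added example for this post (it is not code from the challenge, from samczsun's write-up or from ConsenSys Diligence); it walks the code the way the EVM's jump-destination analysis does, skipping PUSH data, and compares that with a naive byte-grep for 0x5b. The opcode table is a subset of the EVM instruction set and the sample bytecode is constructed for illustration, not the challenge contract.

```python
"""Minimal EVM disassembler that handles PUSHn immediates correctly.

Added example, not code from the challenge or ConsenSys Diligence. The
opcode table is a subset of the EVM instruction set and the sample
bytecode below is constructed for illustration (it is not the challenge
contract).
"""

# Subset of the EVM opcode table (byte value -> mnemonic). PUSH/DUP/SWAP
# are generated below. Unknown bytes are printed as UNKNOWN_0x??.
OPCODES = {
    0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x03: "SUB", 0x04: "DIV",
    0x10: "LT", 0x11: "GT", 0x14: "EQ", 0x15: "ISZERO", 0x16: "AND",
    0x1b: "SHL", 0x1c: "SHR", 0x20: "SHA3",
    0x33: "CALLER", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD",
    0x36: "CALLDATASIZE", 0x39: "CODECOPY", 0x3d: "RETURNDATASIZE",
    0x50: "POP", 0x51: "MLOAD", 0x52: "MSTORE", 0x54: "SLOAD",
    0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5b: "JUMPDEST",
    0xf0: "CREATE", 0xf1: "CALL", 0xf3: "RETURN", 0xf4: "DELEGATECALL",
    0xfa: "STATICCALL", 0xfd: "REVERT", 0xfe: "INVALID",
    0xff: "SELFDESTRUCT",
}
for _n in range(1, 33):
    OPCODES[0x60 + _n - 1] = f"PUSH{_n}"
for _n in range(1, 17):
    OPCODES[0x80 + _n - 1] = f"DUP{_n}"
    OPCODES[0x90 + _n - 1] = f"SWAP{_n}"

JUMPDEST = 0x5b


def push_size(op: int) -> int:
    """Number of immediate bytes following opcode `op` (0 for non-PUSH)."""
    return op - 0x5f if 0x60 <= op <= 0x7f else 0


def disassemble(code: bytes):
    """Return a list of (offset, mnemonic, immediate) tuples.

    Immediate is an int for PUSHn, else None. Skipping over PUSH data is
    what makes the listing trustworthy: a 0x5b byte inside PUSH data is
    data, not a JUMPDEST.
    """
    out = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        name = OPCODES.get(op, f"UNKNOWN_0x{op:02x}")
        n = push_size(op)
        imm = None
        if n:
            # A PUSH whose immediate runs past the end of code is padded
            # with zero bytes by the EVM; mirror that here.
            data = code[pc + 1 : pc + 1 + n]
            imm = int.from_bytes(data.ljust(n, b"\x00"), "big")
        out.append((pc, name, imm))
        pc += 1 + n
    return out


def valid_jumpdests(code: bytes) -> set:
    """Offsets the EVM will accept as JUMP/JUMPI targets."""
    return {pc for pc, name, _ in disassemble(code) if name == "JUMPDEST"}


def naive_jumpdests(code: bytes) -> set:
    """What a byte-grep for 0x5b yields; includes false positives in PUSH data."""
    return {i for i, b in enumerate(code) if b == JUMPDEST}


def direct_jump_targets(code: bytes):
    """For every `PUSHn <imm>; JUMP|JUMPI` pair, return (jump_offset, target, is_valid)."""
    ins = disassemble(code)
    valid = valid_jumpdests(code)
    result = []
    for prev, cur in zip(ins, ins[1:]):
        if prev[1].startswith("PUSH") and cur[1] in ("JUMP", "JUMPI"):
            result.append((cur[0], prev[2], prev[2] in valid))
    return result


def format_listing(code: bytes) -> str:
    """Human-readable listing, one instruction per line."""
    lines = []
    for pc, name, imm in disassemble(code):
        lines.append(f"{pc:04x}: {name}" + (f" 0x{imm:x}" if imm is not None else ""))
    return "\n".join(lines)


# Constructed sample (not the challenge contract). The very first PUSH1
# carries 0x5b as data; a byte-grep would mistake it for a JUMPDEST.
SAMPLE = bytes.fromhex(
    "605b50"        # PUSH1 0x5b; POP
    "600756"        # PUSH1 0x07; JUMP
    "fe"            # INVALID (unreachable padding)
    "5b3415601257"  # JUMPDEST; CALLVALUE; ISZERO; PUSH1 0x12; JUMPI
    "60006000fd"    # PUSH1 0; PUSH1 0; REVERT  (msg.value != 0)
    "5b00"          # JUMPDEST; STOP
)

if __name__ == "__main__":
    print(format_listing(SAMPLE))
    print("valid JUMPDESTs:", sorted(valid_jumpdests(SAMPLE)))
    print("byte-grep 0x5b :", sorted(naive_jumpdests(SAMPLE)))
    for off, tgt, ok in direct_jump_targets(SAMPLE):
        print(f"jump at {off:#04x} -> {tgt:#04x} {'ok' if ok else 'INVALID TARGET'}")
```

On the sample, `valid_jumpdests` returns offsets 7 and 18 while the byte-grep also reports offset 1, the 0x5b sitting inside the first PUSH1. `direct_jump_targets` only covers jumps whose target is pushed immediately before them; targets computed on the stack (the usual case in function dispatchers) still need a real execution trace or symbolic analysis.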


Written by Nathan, ConsenSys Diligence

ConsenSys Diligence has the mission of solving Ethereum smart contract security. Contact us for an audit at diligence@consensys.net.
