ConsenSys Diligence Ethereum Hacking Challenge #2

Nathan
Nathan
Mar 22 · 2 min read

ConsenSys Diligence is releasing a couple CTF challenges. The first one (“Ethereum Sandbox”) took advantage of changes introduced in the Constantinople upgrade. It was solved by samczsun.

The second challenge is called . Read some bytecode and write an exploit. It is at 0xEfa51BC7AaFE33e6f0E4E44d19Eab7595F4Cca87.

Exploit the contract and extract the 0.05 ether. There’s also a bounty up for grabs. The rules for winning the bounty are the same as last time:

  • If you’re first to extract the ETH and post a write-up on how you did it, you win the bounty (you will need to prove ownership of the attacker’s address — with this contract, if you are not careful, it is possible to send the ETH to an address that you do not control)
  • If you’re not first to extract the ETH but solved the challenge, you can still post a write-up. In case the original thief does not claim the bounty, we will pick the best write-up as the winner.

If you have any questions, head to the MythX Discord. Good luck and have fun!

UPDATE

Congratulations to samczsun for solving this challenge as well! Take a look at his fantastic writeup. Or extract the creation bytecode and continue to solve without the promise of a prize!

ConsenSys Diligence

ConsenSys Diligence has the mission of solving Ethereum smart contract security. Contact us for an audit at diligence@consensys.net.

Nathan

Written by

Nathan

ConsenSys Diligence

ConsenSys Diligence has the mission of solving Ethereum smart contract security. Contact us for an audit at diligence@consensys.net.