The Ethernaut is a Web3/Solidity based wargame inspired by overthewire.org, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'. The game is 100% open source and all levels are contributions made by other players.
In this repo you can find my solutions to the challenges:
This level is about the use and implementation of the fallback function. You need to claim ownership of the contract and reduce its balance to zero.
In this challenge you have to discover a very tiny mistake (or a typo) and show its terrible consequences.
To complete this level you'll need to guess the correct outcome 10 times in a row. The goal of this level is to show how tricky random number generation is in Blockchain systems.
To complete this level you need to claim ownership of the contract by taking advantage of a bad implementation of the global variables: tx.origin and msg.sender.
You beat this level if you somehow manage to get your hands on any additional tokens. This is an example of Overflow/Underflow issues when an integer is incremented beyond its maximum value or decremented below its minimum value.
The goal of this level is for you to claim ownership of the instance you are given. To succeed you need to understand how delegatecall low level function works, how it can be used to delegate operations to on-chain libraries, and what implications it has on execution scope.
The goal of this level is to make the balance of the contract greater than zero. To break this challenge you need to understand that nothing prevents a contract from receiving ether from a contract that is self destructed.
In this level you need to get the value of an on-chain private variable to unlock the vault and pass this level.
In this challenge, you need to understand the consequences of not verifying that a transfer was successfully executed.
The goal of this level is for you to steal all funds from the contract by launching a re-entrancy attack. To do this you need to exploit a vulnerability in function withdraw.
In this challenge the attacker implements its own version of a function declared within an interface. This function is not implemented and it is using the 'default' modifier which allows to change the blockchain state. Never trust an external contract call.