README.md

🧑🏻‍🚀 my ethernaut write-ups + solutions, systematically on foundry

🔋 this project contains solutions for openzeppelin's ethernaut wargames. leveraging foundry, each level has a test set (test/*.t.sol), a script set (script/*.s.sol), and a write-up. some levels also have an exploit at src/*.sol.

🔋 to read the full notes about this work, check out my mirror publication: on hacking systematically with foundry. you are welcome to submit solutions and pull requests.

🔋 by the way, do you remember overthewire? here is my WeChall profile from playing it in 2014.

---

levels

✅ 01. Fallback - exploiting fallback():

• write-up + foundry test
• submission foundry script

✅ 02. Fallout - exploiting constructor():

• write-up + foundry test
• submission foundry script

✅ 03. Coin Flip - exploiting pseudo-randomness:

• write-up + foundry test
• solidity exploit
• submission foundry script

✅ 04. Telephone - exploiting tx.origin:

• write-up + foundry test
• solidity exploit
• submission foundry script

✅ 05. Token - exploiting integer overflows:

• write-up + foundry test
• submission foundry script

✅ 06. Delegation - exploiting delegatecall:

• write-up + foundry test
• submission foundry script

✅ 07. Force - exploiting payable contracts:

• write-up + foundry test
• solidity exploit
• submission foundry script

✅ 08. Vault - exploiting private functions:

• write-up + foundry test
• submission foundry script

✅ 09. King - exploiting transfer(msg.value):

• write-up + foundry test
• solidity exploit
• submission foundry script

✅ 10. Reentrancy - exploiting reentrancy:

• write-up + foundry test
• solidity exploit
• submission foundry script

✅ 11. Elevator - exploiting interfaces:

• write-up + foundry test
• solidity exploit
• submission foundry script

🔜 12. Privacy:

• write-up + foundry test
• submission foundry script

🔜 13. Gatekeeper One:

• write-up + foundry test
• submission foundry script

🔜 14. Gatekeeper Two:

• write-up + foundry test
• submission foundry script

🔜 15. Naught Coin:

• write-up + foundry test
• submission foundry script

🔜 16. Preservation:

• write-up + foundry test
• submission foundry script

🔜 17. Recovery:

• write-up + foundry test
• submission foundry script

🔜 18. Magic Number:

• write-up + foundry test
• submission foundry script

🔜 19. Alien Code:

• write-up + foundry test
• submission foundry script

🔜 20. Denial:

• write-up + foundry test
• submission foundry script

✅ 21. Shop - exploiting interfaces II:

• write-up + foundry test
• solidity exploit
• submission foundry script

🔜 22. Dex:

• write-up + foundry test
• solidity exploit
• submission foundry script

🔜 23. Dex Two:

• write-up + foundry test
• submission foundry script

🔜 24. Puzzle Wallet:

• write-up + foundry test
• submission foundry script

🔜 25. Motorbike:

• write-up + foundry test
• submission foundry script

🔜 26. Doubly Entry Point:

• write-up + foundry test
• submission foundry script

🔜 27. Good Samaritan:

• write-up + foundry test
• submission foundry script

🔜 28. Gatekeeper Three:

• write-up + foundry test
• submission foundry script

🔜 29. Switch:

• write-up + foundry test
• submission foundry script

---

installing

• install foundry

• create a test wallet (e.g., with metamask)

• create a .env (copying from .env.example) and add keys and the addresses of each instance.

• add a sepolia rpc url to foundry.toml (e.g., from alchemy or infura)

---

running each level

• you will find detailed instructions in each write-up, but as a general rule:

• run tests with, for example,
  • forge test -vvvv, or, for example,
  • forge test -vvvv --match-path ./test/01/Fallback.t.sol

• submit scripts with, for example,
  • forge script ./script/01/Fallback.s.sol --broadcast -vvvv --rpc-url sepolia

---

(like to solve these types of problems? perhaps you are neo-cypherpunk, then?)