Inspired by OpenZeppelin's Ethernaut, Valut Level
Can you believe, if I say "I can guess your password saved in your contract, even if it's defined as private"?
Unlock the vault.
Hint:
- Is
private
variable actually private?
private
doesn't actually mean that the data is hidden/safe & unaccessible. 😱 Everything you use in a smart contract is publicly visible, even local variables and state variables markedprivate
- Do not store sensitive data inside contracts.
-
How to convert JavaScript string to
byte32
?Use utils.asciiToHex
web3.utils.asciiToHex('I have 100!');
> "0x4920686176652031303021"
-
Can I read the storage of a contract?
Use eth.getStorageAt
web3.eth.getStorageAt("0x407d73d8a49eeb85d32cf465507dd71d507100c1", 0)
.then(console.log);
> "0x033456732123ffff2342342dd12342434324234234fd234fd23fd4f23d4234"
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.5 <0.9.0;
contract Vault {
bool public locked;
bytes32 private password;
constructor(bytes32 _password) {
locked = true;
password = _password;
}
function unlock(bytes32 _password) public {
if (password == _password) {
locked = false;
}
}
}
Skip if you have already installed.
npm install -g truffle
yarn install
truffle develop
test
truffle(develop)> test
Using network 'develop'.
Compiling your contracts...
===========================
> Everything is up to date, there is nothing to compile.
Contract: Hacker
√ should unlock vault (399ms)
1 passing (440ms)