Finley finleyexp

finleyexp / CaptureTheEther.md
Created January 20, 2020 16:25 — forked from nadir-akhtar/CaptureTheEther.md
My runthrough of the wonderful capturetheether.com. Check me out on the leaderboard, "partywizard", in 24th place as of May 7, 2018. If you notice errors, feel free to bring them up in the discussion section.

Capture the Ether Writeup

This writeup is a runthrough of challenges at https://capturetheether.com/challenges/ built on the Ropsten testnet. I will go through each problem in four steps:

  1. The intention of the contract
  2. The flawed assumption
  3. The process of exploiting the vulnerability
  4. The potential patches

I'll provide examples of the code I wrote as needed. To save time, we'll skip ahead to the Lotteries section, starting with "Guess the secret number", as that's the first problem that truly required some thought.

finleyexp / iGuess.sol
Created January 21, 2020 17:43
Copy of the iGuess.sol with abi.encodePatched(...)
// DON'T USE. INTENDED FOR EDUCATIONAL PURPOSES ONLY. PLUS, it errors.
// adapted from: https://tij.me/blog/scamming-people-via-ethereum-smart-contracts/
pragma solidity >=0.4.24 <0.7.0;
contract iGuess {
    uint256 private secretNumber;
    uint256 public lastPlayed;
    address public owner;