The Ethernaut-Solutions repository contains the solutions using Foundry and Hardhat.
Ethernaut is a Web3/Solidity-based wargame inspired by overthewire, to be played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.
This will be the first article in a series of blog posts where I go through each level showing how to compromise the contracts and complete the challenges. From Level 1, I will be writing my exploits in Foundry as well as Hardhat. Follow whichever tool suits you.
All the Ethernaut level contracts are in /src
. All the exploits are in /test
folder. In /test
folder there are Hardhat tests using Typescript and contracts (if required). In /test/foundry
there are exploits using Foundry. In Foundry, everything is written in Solidity.
Make sure you have Metamask installed and connected to one of the following test networks
Goerli
Sepolia
Polygon Mumbai
Get some test ETH/MATIC from the following faucets, awesome-list-testnet-faucets
Go to Ethernaut. Click on level 0. Read the instructions.
When you click on 'Get New Instance', Ethernaut deploys an instance of the shown contract level on the network that is connected. You can interact with instances of the contracts using the dev console in Chrome.
help()
shows help menu
For the sake of brevity steps, 1 to 8 are skipped. They are pretty straightforward. Continue till instruction #8.
Call
info
function of the deployed instanceawait contract.info()
Response:- 'You will find what you need in info1().'
Call
info1
functionawait contract.info1()
Response:- 'Try info2(), but with "hello" as a parameter.'
Call
info2
function passing 'hello' as an argumentawait contract.info2('hello')
Response:- 'The property infoNum holds the number of the next info method to call.'
You can get the contract ABI by typing contract.abi
Examine the contract ABI. You can see there is a view function named infoNum
. This is the getter function for the state variable 'infoNum'.
Call
infoNum
functionawait contract.infoNum()
Response:- Expand the returned object. You can see the number 42 on the 0th index of the 'words' array. This is the number we should append with 'info'
Call
info42
functionawait contract.info42()
Response:- 'theMethodName is the name of the next method.'
Call
theMethodName
functionawait contract.theMethodName()
Response:- 'The method name is method7123949.'
Call
method7123949
functionawait contract.method7123949()
Response:- 'If you know the password, submit it to authenticate().'
In the contract ABI, there is a view function named password
. This is the getter function for the state variable 'password'. 'password' was passed to the constructor of the instance during the deployment.
Call
password
functionawait contract.password()
Response:- You will get the password.
Call
authenticate
function by passing the received password as an argument This will send the transaction using Metamask. Wait for the transaction to be included in the block.await authenticate(password) // replace password with actual password
Response: - After the transaction is successful, you will get the transaction receipt in the console
function authenticate(string memory passkey) public { if(keccak256(abi.encodePacked(passkey)) == keccak256(abi.encodePacked(password))) { cleared = true; } }
This sets the value of
cleared
totrue
.
In the contract ABI, there is a view function named getCleared
. This is the getter function for the state variable 'cleared'. You can check if the level is cleared by calling getCleared
function.
Call
getCleared
functionawait contract.getCleared()
Response:-
true
(if the level is cleared else false) Iffalse
, check the previous commands in the console for mistakes.
Now, you can submit the instance using the 'Submit Instance' button. Send the transaction with Metamask. Wait for the confirmation.
Submit the instance.
Level passed!!!๐
The Ethernaut-Solutions repository contains the solutions using Foundry and Hardhat.