From 54ee8b8bb9cb50e90bc99bcafed3f71480aaac41 Mon Sep 17 00:00:00 2001
From: leovct
Date: Mon, 30 Sep 2024 11:19:48 +0200
Subject: [PATCH] docs: document offset 22
---
 test/EthernautCTF/MagicNumberExploit.t.sol | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/test/EthernautCTF/MagicNumberExploit.t.sol b/test/EthernautCTF/MagicNumberExploit.t.sol
index 817a23a..29b26ae 100644
--- a/test/EthernautCTF/MagicNumberExploit.t.sol
+++ b/test/EthernautCTF/MagicNumberExploit.t.sol
@@ -65,6 +65,8 @@ contract MagicNumberExploit is Test {
  // PUSH1 0x00
  // MSTORE
  // 2. Return 10 bytes from memory, starting at offset 22.
+ // Why an offset of 22? Because the runtime code length is 10 bytes and when we store it in
+ // memory, it's padded with zero bytes (22 zero bytes) to get a 32-byte value.
  // PUSH1 0x0a (10 in hexadecimal)
  // PUSH1 0x16 (22 in hexadecimal)
  // RETURN
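Review bot: The added comment says the stored word is zero-padded but not on which side, and the side is exactly what makes the offset 22 rather than 0: MSTORE writes a full 32-byte word, and a value pushed as 10 bytes is right-aligned in that word, so bytes 0..21 are zeros and the 10 runtime bytes occupy bytes 22..31. This matters for the exploit because 0x00 is the STOP opcode, so returning from offset 0 would deploy leading STOPs and the contract would halt before reaching the real code. I would reword the two added lines as `// Why offset 22? MSTORE writes a full 32-byte word and the 10 runtime bytes are right-aligned in it` / `// (bytes 22..31, with 22 leading zero bytes), so RETURN(offset 22, length 10) yields exactly the runtime code.` The push of the runtime bytes and the enclosing function begin before this hunk, so the 10-byte length is taken from the hunk's own comments and should be confirmed against the PUSH that precedes it.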