Skip to content

Latest commit

 

History

History
454 lines (357 loc) · 11.1 KB

README.md

File metadata and controls

454 lines (357 loc) · 11.1 KB

Ethernaut with Foundry

Ethernaut: https://ethernaut.openzeppelin.com/

Note: All commands below need to be executed in the root of this repository.

Table of Contents

Common Setup

Execute the following commands:

export PRIVATE_KEY=<PRIVATE KEY>
export RPC_URL=<RPC URL>
export FOUNDRY_ETH_RPC_URL=$RPC_URL

Test All Exploit

forge test --match-path "src/Ethernaut/*"

0. Hello Ethernaut

Challenge & Exploit codes

Test

forge test --match-contract HelloEthernautExploitTest -vvvv

Exploit on chain

forge script HelloEthernautExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

1. Fallback

Challenge & Exploit codes

Test

forge test --match-contract FallbackExploitTest -vvvv

Exploit on chain

forge script FallbackExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

2. Fallout

Challenge & Exploit codes

Test

forge test --match-contract FalloutExploitTest -vvvv

Exploit on chain

forge script FalloutExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

3. Coin Flip

Challenge & Exploit codes

Test

forge test --match-contract CoinFlipExploitTest -vvvv

Exploit on chain

forge script CoinFlipExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --slow --sig "run(address)" $INSTANCE_ADDRESS

Command to work around the bugs in foundry-rs/foundry#2489 and foundry-rs/foundry#5512 :

forge script CoinFlipExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --slow --sig "run(address)" $INSTANCE_ADDRESS --fork-block-number $(python -c "print($(cast block-number)-10)")

4. Telephone

Challenge & Exploit codes

Test

forge test --match-contract TelephoneExploitTest -vvvv

Exploit on chain

forge script TelephoneExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

5. Token

Challenge & Exploit codes

Test

forge test --match-contract TokenExploitTest -vvvv

Exploit on chain

forge script TokenExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

6. Delegation

Challenge & Exploit codes

Test

forge test --match-contract DelegationExploitTest -vvvv

Exploit on chain

forge script DelegationExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

7. Force

Challenge & Exploit codes

Test

forge test --match-contract ForceExploitTest -vvvv

Exploit on chain

forge script ForceExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

8. Vault

Challenge & Exploit codes

Test

forge test --match-contract VaultExploitTest -vvvv

Exploit on chain

forge script VaultExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

cast command-only one-liner:

cast send --private-key $PRIVATE_KEY $INSTANCE_ADDRESS "unlock(bytes32)" $(cast storage  $INSTANCE_ADDRESS 1)

9. King

Challenge & Exploit codes

Test

forge test --match-contract KingExploitTest -vvvv

Exploit on chain

forge script KingExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

10. Re-entrancy

Challenge & Exploit codes

Test

forge test --match-contract ReentranceExploitTest -vvvv

Exploit on chain

forge script ReentranceExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

11. Elevator

Challenge & Exploit codes

Test

forge test --match-contract ElevatorExploitTest -vvvv

Exploit on chain

forge script ElevatorExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

12. Privacy

Challenge & Exploit codes

Test

forge test --match-contract PrivacyExploitTest -vvvv

Exploit on chain

forge script PrivacyExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

13. Gatekeeper One

Challenge & Exploit codes

Test

forge test --match-contract GatekeeperOneExploitTest -vvvv

Exploit on chain

forge script GatekeeperOneExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

14. Gatekeeper Two

Challenge & Exploit codes

Test

forge test --match-contract GatekeeperTwoExploitTest -vvvv

Exploit on chain

forge script GatekeeperTwoExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

15. Naught Coin

Challenge & Exploit codes

Test

forge test --match-contract NaughtCoinExploitTest -vvvv

Exploit on chain

forge script NaughtCoinExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

16. Preservation

Challenge & Exploit codes

Test

forge test --match-contract PreservationExploitTest -vvvv

Exploit on chain

forge script PreservationtExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

17. Recovery

Challenge & Exploit codes

Exploit on chain

cast send --private-key $PRIVATE_KEY --gas-limit 100000 $INSTANCE_ADDRESS "destroy(address)" <TOKEN ADDRESS>

The token address can be easily found in a blockchain explorer.

18. MagicNumber

Challenge & Exploit codes

Exploit written in Huff: https://github.com/minaminao/huff-ethernaut-magic-number

Test

forge test --match-contract MagicNumberExploitTest -vvvv

Exploit on chain

forge script MagicNumberExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

19. Alien Codex

Challenge & Exploit codes

Test

forge test --match-contract AlienCodexExploitTest -vvvv

Exploit on chain

forge script AlienCodexExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

20. Denial

Challenge & Exploit codes

Test

forge test --match-contract DenialExploitTest -vvvv

Exploit on chain

forge script DenialExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

21. Shop

Challenge & Exploit codes

Test

forge test --match-contract ShopExploitTest -vvvv

Exploit on chain

forge script ShopExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

22. Dex

Challenge & Exploit codes

Test

forge test --match-contract DexExploitTest -vvvv

Exploit on chain

forge script DexExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

23. Dex Two

Challenge & Exploit codes

Test

forge test --match-contract DexTwoExploitTest -vvvv

Exploit on chain

forge script DexTwoExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

24. Puzzle Wallet

Challenge & Exploit codes

Test

forge test --match-contract PuzzleWalletExploitTest -vvvv

Exploit on chain

forge script PuzzleWalletExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

25. Motorbike

Challenge & Exploit codes

Test

  • Foundry test functions cannot detect that the code size has changed to 0.
  • Anvil should be able to test it (WIP).

Exploit

forge script MotorbikeExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

26. DoubleEntryPoint

Challenge & Exploit codes

Test

forge test --match-contract DoubleEntryPointExploit -vvvv

Exploit on chain

forge script DoubleEntryPointExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

27. Good Samaritan

Challenge & Exploit codes

Test

forge test --match-contract GoodSamaritanExploit -vvvv

Exploit on chain

forge script GoodSamaritanExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

28. Gatekeeper Three

Challenge & Exploit codes

Test

forge test --match-contract GatekeeperThreeExploit -vvvv

Exploit on chain

forge script GatekeeperThreeExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS

29. Switch

Challenge & Exploit codes

Test

forge test --match-contract SwitchExploit -vvvv

Exploit on chain

forge script SwitchExploitScript -vvvv --private-key $PRIVATE_KEY --fork-url $RPC_URL --broadcast --sig "run(address)" $INSTANCE_ADDRESS