Some of you might remember my last Solidity Riddle I posted a few weeks back. Basically, I wanted to share my fascination about smart contract development and create awareness for smart contract vulnerabilities. Today, we'll have a second installment. I created another challenge and all of you are invited to break my contract and get access to the deposited tokens (And keep them, of course).
How Does It Work?
Basically, I created a smart contract with a built-in security exploit, and I deployed it on Binance Smart Chain (BSC). I then deposited a few tokens into the contract. The challenge is to gain access and withdraw them to a wallet that you control. How you do that, is up to you. I know at least one solution to the problem, but there might be more. There are no real rules here. The smart contract is out there and public, and whoever manages to withdraw the tokens wins and can keep them.
You can also check out Part 1 if you want:
And find a blog post about the solution for the first challenge here:
https://safecrypto.medium.com/break-my-contract-part-1-buffer-overflow-fbc2f63401ce
Less Talking... Show Me The Contract!
So here we go. This is where you can find the smart contract for this challenge:
https://bscscan.com/address/0x3c8dd8178baa310e8178906869b71f5708834d0a#code
It currently holds 50,000 tokens, worth more than 25$ on the open market. The exploitable contract is verified on BscScan and you can analyze it or interact with it to find the solution to this challenge. Here's a link to the contract of the deposited tokens:
https://bscscan.com/address/0xdb78fcbb4f1693fdbf7a85e970946e4ce466e2a9
This Time, There's a Testnet Version!
One of the concerns last time was high gas cost for testing out attack angles and playing around with the smart contract. So I decided to deploy a testnet version this time. You can still break the mainnet contract and win the price, but if you want to play around with this challenge for free, this is your option:
https://testnet.bscscan.com/address/0xf12c69d44c60010d3a88024dbeffb2cd4c2f71d9#code
If you need testnet BNB to pay for gas cost, you can get it for free fom here:
https://testnet.binance.org/faucet-smart
What Tools Should I Use?
You will need a BSC wallet and (depending on your approach) a Solidity compiler for this challenge. You can use any BSC compatible wallet, but I recommend Metamask, although it needs to be set up to work on BSC first. Here’s how to do that:
https://academy.binance.com/en/articles/connecting-metamask-to-binance-smart-chain
And also how to do that for BSC testnet:
https://medium.com/spartanprotocol/how-to-connect-metamask-to-bsc-testnet-7d89c111ab2
The most common IDE for Solidity development is probably Remix. It’s a web tool with an integrated Solidity Compiler. You can connect it with Metamask to deploy your smart contracts on-chain. Here’s where you find Remix:
Closing Remarks
You can find all the Solidity Riddles on GitHub, as well. I'm planning to make this a regular series:
https://github.com/scamcoincrypto/solidity-riddles
Feel free to fork it, copy it, or even propose new challenges. I would love to hear other community members suggestions :)
Other than that, there’s not much left to say. Have fun with the challenge! Maybe, whoever wins the price can post a little write up how he did it.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments