Featured image of post Ethernaut challenges
Ethernaut challenges

Ethernaut challenges

Ethernaut is a a website containg many vulnerable smart contracts where the goal is to find and exploit a particular vulnerability

I am starting a series of writeup of the Ethernaut challenges, this project have been initiated by OpenZeppelin team to teach basic knowledge of smart contracts auditing.

The challenges will be resolved with Foundry, the client, if needed will be written in Golang and the smart contracts will be written in Solidity.

The current list of challenges are:

  1. Hello Ethernaut
  2. Fallback
  3. Fallout
  4. CoinFlip
  5. Telephone
  6. Token
  7. Delegation
  8. Force
  9. Vault
  10. King
  11. Re-Entrancy
  12. Elevator
  13. Privacy
  14. GatekeeperOne
  15. GatekeeperTwo
  16. NaughtCoin
  17. Preservation
  18. Recovery
  19. Magic Number
  20. AlienCodex
  21. Denial
  22. Shop
  23. Dex
  24. Dex Two
  25. PuzzleWallet
  26. Motorbike

The folder structure of each challenge is:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

ethernautWritup
├── about
│   ├── index.md
├── ethernautChallenges
│   ├── 0-HelloEthernaut
│   │   ├── 0-HelloEthernaut.go
│   ├──1-Fallback
│   |   └── 1-Fallback.go
│   ├──2-Fallout
│   |   └── 2-Fallout.go
│   ├──...
└── contracts
    ├── 0-HelloEthernaut.sol # If provided
    └── HelloEthernaut.abi

When a smart contract is needed to resolve the challenge, foundry will be used. The environment can be created with

1

forge init ethernaut

It will look like this

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

ethernaut
├── lib
│   ├── ...
├── src
│   ├── challengeName.sol # Source of the challenge
│   ├──...
├── test
│   ├── challengeName.t.sol # Contract to resolve the challenge
│   └── ...
└── foundry.toml

To convert easily the solidity code to go code the solidity2go.sh script will be used:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

#!/bin/bash

if [[ $1 -eq "" ]]; then
echo "The name is required"
exit
fi

mkdir ../$1
./solc --abi $1.sol -o . --overwrite  @openzeppelin/=$(pwd)/node_modules/@openzeppelin/
pkgName=$(cat $1.sol| grep contract | cut -d" " -f 2)
./abigen --abi=./$pkgName.abi --pkg=$pkgName --out=../$1/$1.go

In the same folder, the node_modules should be installed

1

npm i @openzeppelin/contracts@3.4

For example for the challenge 1-Fallback, the script will be called like this:

1

./solidity2go.sh 1-Fallback

I’m going to learn a lot during this series, so the solutions written in Go or Solidity will probably get better and better as I go through the challenges.