Skip to content

Latest commit

 

History

History
52 lines (28 loc) · 2.43 KB

Puzzle8.md

File metadata and controls

52 lines (28 loc) · 2.43 KB

Analysis

  1. CALLDATASIZE (36): Pushes the size of the calldata onto the stack.

  2. PUSH1 00 (6000): Pushes the value 00 onto the stack.

  3. DUP1 (80): Duplicates the top value of the stack.

  4. CALLDATACOPY (37): Copies the calldata into memory using destination offset, source offset, and length from the stack.

  5. PUSH1 00 (6000) (repeated twice): Pushes 00 onto the stack twice, preparing parameters for CREATE.

  6. CREATE (F0): Creates a new contract with the calldata as its initialization code.

  7. PUSH1 00 (6000), DUP1 (80) (repeated four times): Prepares stack for CALL with parameters including gas, target address, value, and memory positions.

  8. SWAP5 (94): Swaps stack items to place the contract address at the correct position for CALL.

  9. GAS (5A): Pushes remaining gas onto the stack.

  10. CALL (F1): Attempts to call the contract at the address with provided parameters.

  11. PUSH1 00 (6000), EQ (14): Checks if the CALL operation was unsuccessful (equal to 0).

  12. PUSH1 1B (601B), JUMPI (57): Performs a conditional jump to JUMPDEST if CALL was unsuccessful.

  13. JUMPDEST (5B), STOP (00): Marks a valid jump destination and halts execution.

Execution

  • The sequence starts by copying the calldata into memory.
  • CREATE uses this calldata to deploy a new contract.
  • CALL then attempts to execute this new contract, with the outcome determining the next steps.
  • For the puzzle to be solved, this CALL must fail, causing a jump to JUMPDEST and then a successful STOP.

Solution

The solution is to provide calldata that creates a contract that will cause the CALL operation to fail. This can be done by deploying a contract that immediately reverts.

  • The calldata 0x60FD60005360016000F3 is a sequence of opcodes that results in such a contract:

    1. 60FD (PUSH1 FD): Pushes the REVERT opcode onto the stack.

    2. 6000 (PUSH1 00): Pushes the memory offset 00.

    3. 53 (MSTORE8): Stores the REVERT opcode at the specified memory offset.

    4. 6001 (PUSH1 01) and 6000 (PUSH1 00): Prepare the stack for RETURN, specifying the offset and size of the data to return.

    5. F3 (RETURN): Returns the REVERT opcode as the runtime bytecode of the new contract.

  • This calldata ensures that the new contract will REVERT any call to it, making the CALL operation fail and allowing the execution to jump to JUMPDEST and then execute STOP.