Ethernaut hacking challenges: intro walkthrough
Ethernaut is a Solidity and web3 hacking game in which you have to take control of, steal funds from, or otherwise hack different smart contracts and web apps. It has multiple levels, and in each one you'll learn about different vulnerabilities.
In this series I'll review and explain each level. Let's start with the intro!
Ethernaut intro
This level basically explains how to set up your wallet and use the browser console to interact with the contract.
To start, you need to click on the "Get a new instance" button to get assigned a new vulnerable contract. This will trigger a MetaMask prompt that you need to sign. Once the transaction is completed, you can use the browser console to interact with the contract variable.
For example, contract.info() will give you all the details of the contract and contract.methods() will return all the available methods.
After spending some time interacting with the contract info methods, you get asked to authenticate using a password, but what is it?
What is Ethernaut's intro password?
I'll give you some clues:
- You can explore the contract ABI in the console. Specifically, the contract's methods.
- All state variables in a smart contract expose a getter method that returns its value.
- Run await contract.password()
Once you know the password, you can submit it with contract.authenticate("thePassword").
Takeaways
In this first level you get to know how to interact with the contracts and how to submit your results. I'd say that the main takeaway of this level is that every state variable has a getter method that can be exploited, so you have to make sure not to store private data in them.
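A review-time check that follows from this takeaway, added here as an example and not part of the original post or of Ethernaut's code: it scans a contract ABI for read-only state getters and marks the ones whose names suggest secret data. The sample ABI and the name patterns are constructed assumptions.

```javascript
// Added example: review-time scan of a contract ABI for state getters.
// SAMPLE_ABI is constructed for illustration; it is not the level's real ABI.
const SAMPLE_ABI = [
  { type: "function", name: "info", inputs: [], outputs: [{ type: "string" }], stateMutability: "pure" },
  { type: "function", name: "password", inputs: [], outputs: [{ type: "string" }], stateMutability: "view" },
  { type: "function", name: "owner", inputs: [], outputs: [{ type: "address" }], stateMutability: "view" },
  { type: "function", name: "apiKeyHash", inputs: [], outputs: [{ type: "bytes32" }], stateMutability: "view" },
  { type: "function", name: "authenticate", inputs: [{ name: "passkey", type: "string" }], outputs: [], stateMutability: "nonpayable" },
  { type: "event", name: "Cleared", inputs: [] },
];

// Assumed naming heuristics for data that should not sit in contract state.
const SENSITIVE_NAME = /password|passphrase|passkey|secret|seed|api_?key|private_?key/i;

// A getter reads state and returns it: a view function with at least one output.
// Older ABIs mark these with constant: true instead of stateMutability.
// Inputs are allowed because mapping and array getters take a key or index.
function isStateGetter(entry) {
  const readOnly = entry.stateMutability === "view" ||
    (entry.stateMutability === undefined && entry.constant === true);
  return entry.type === "function" && readOnly &&
    Array.isArray(entry.outputs) && entry.outputs.length > 0;
}

// Returns one finding per getter, marking those whose name looks sensitive.
function auditAbi(abi) {
  return abi.filter(isStateGetter).map((entry) => ({
    name: entry.name,
    returns: entry.outputs.map((o) => o.type).join(","),
    sensitive: SENSITIVE_NAME.test(entry.name),
  }));
}

// Names a reviewer should look at before deployment.
function flaggedGetters(abi) {
  return auditAbi(abi).filter((f) => f.sensitive).map((f) => f.name);
}

console.log(auditAbi(SAMPLE_ABI));
console.log("review:", flaggedGetters(SAMPLE_ABI));
```

A name match is only a prompt for manual review; a getter with an innocuous name can still return sensitive state.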