Openzeppelin Ethernaut Part — 0X00

Yash Anand
Published in InfoSec Write-ups
5 min read · Oct 27, 2022


Ethernaut is a Web3/Solidity-based wargame inspired by overthewire.org, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be "hacked."

Hello Ethernaut is the first challenge of the Ethernaut series by Zeppelin. This blog goes through the setup and how to hack your first smart contract.

Openzeppelin Ethernaut

Setting up a MetaMask Wallet

Similar to a regular wallet, the Metamask wallet is used to store cryptocurrency. It is one of the most well-known and user-friendly cryptocurrency wallets and can also be used for authentication and access to decentralized applications. The installation of Metamask is very simple. Go to the official Metamask website and follow the steps, or you can follow this blog to set up Metamask in your favorite browser.

After successful setup, your Metamask wallet looks like this.

By default, the MetaMask wallet is configured for the Ethereum Mainnet, the primary public Ethereum production blockchain, where actual value transactions happen. In simple words, when people discuss ETH prices, they are talking about mainnet ETH. The Ethernaut challenges, by contrast, are available on 5 different test networks.

To switch your metamask network to any of these test networks, follow these 4 steps.

Open MetaMask → Settings → Advanced → Enable Show Test Network.

After enabling the test networks, switch to “Goerli Test Network” from the top right corner. You can choose any other test network in MetaMask, but you have to select the same one for the Ethernaut challenge.

After successfully switching to the Goerli test network, let's get some ETH on it. There are many faucets from which you can get ETH. Here is the Alchemy Faucet, which gives 0.1 ETH after 24 hours.

Solving challenge using foundry cast

Now that we have successfully set up the metamask wallet with the Goerli test network, let's try to solve our first solidity challenge. Go to the “Hello Ethernaut” challenge, scroll down the page, and click on Get New Instance. This will open a pop-up, click on the confirm button, and it will deploy the contract on the chain.

Open the console, wait for the transaction to be mined, and copy the instance address. We will be using the instance value to interact with the contract.

To solve the challenges, I am going to use Foundry, a smart contract development toolchain. Installation is very straightforward. Copy the command below into your terminal, then run "foundryup". Foundry is also available on Gitpod; to access it straight from your browser, click on the link.

curl -L https://foundry.paradigm.xyz | bash

You can find out more about Foundry in their official book.

Let’s try to interact with the smart contract using cast. Cast is Foundry’s command-line tool for performing Ethereum RPC calls. From the command line, we can make smart contract calls, send transactions, or retrieve any type of chain data. To perform RPC calls on the chain, we need some kind of bridge that can make calls on the Ethereum chain on our behalf.

Alchemy provides an API key, which we can use to interact with the Ethereum chain. Here is the blog by Elan Halpern on how to create the API key for an app. Don't forget to select Goerli as the network when creating the app. Copy the API key and export it in your terminal.

export ETH_RPC_URL=https://eth-goerli.g.alchemy.com/v2/<API_KEY>

The challenge also gives a hint to look into the info() function. Let's call the info function using cast.

cast call 0x7520cce24AdF1a50dc8Fd2945d4a5EF59D7560DA "info()(string)"
  • cast: command-line tool for performing Ethereum RPC calls.
  • call: call the contract function.
  • 0x7520cce24AdF1a50dc8Fd2945d4a5EF59D7560DA: Contract address where the smart contract is deployed.
  • info(): Function name in the deployed contract.
  • string: The contract gives its output in hex format; rather than converting it to ASCII in a later step, we can pass the string return type so that cast gives the output in ASCII format.
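
What the (string) suffix does under the hood, as an added example that is not part of the original post: the node returns an ABI-encoded hex blob (a 32-byte offset, a 32-byte length, then the padded UTF-8 bytes), and this Python sketch decodes it with bounds checks. The function names and the sample data are constructed for illustration.

```python
# Added example: decode the ABI-encoded bytes that eth_call returns for a
# function declared `returns (string)`. Names and sample data are constructed.
WORD = 32  # the ABI works in 32-byte words


def encode_abi_string(text: str) -> bytes:
    """Build the return data a contract emits for a single string value."""
    raw = text.encode("utf-8")
    padded = raw + b"\x00" * (-len(raw) % WORD)  # right-pad to a word boundary
    return WORD.to_bytes(WORD, "big") + len(raw).to_bytes(WORD, "big") + padded


def decode_abi_string(hex_data: str) -> str:
    """Decode eth_call output for a single `string` return value."""
    if hex_data.startswith("0x"):
        hex_data = hex_data[2:]
    data = bytes.fromhex(hex_data)
    if len(data) < 2 * WORD or len(data) % WORD:
        raise ValueError("return data is too short or not word-aligned")
    offset = int.from_bytes(data[:WORD], "big")  # where the length word sits
    if offset + WORD > len(data):
        raise ValueError("offset points outside the return data")
    length = int.from_bytes(data[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(data):
        raise ValueError("declared length exceeds the return data")
    return data[start:start + length].decode("utf-8")


# Constructed sample: the hex a node would return for a string longer than one word.
SAMPLE_TEXT = "constructed sample string longer than one 32-byte word"
SAMPLE_HEX = "0x" + encode_abi_string(SAMPLE_TEXT).hex()

if __name__ == "__main__":
    print(SAMPLE_HEX)                     # raw form, as seen without a return type
    print(decode_abi_string(SAMPLE_HEX))  # decoded form, as seen with (string)
```
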

Now that we've got the password, let's submit it to the authenticate() function. To send a transaction on the chain, we need the MetaMask private key. To get it, click on the MetaMask extension → three dots → Account Details → Export Private Key.

Now we send the transaction onto the chain. Go back to the Ethernaut challenge and click on “Submit instance”. A dialog box will pop up. Click confirm and give the transaction some time to be mined. After solving the challenge, we can access the contract source code.

Now that we have the source code, rather than doing the transactions manually, we can also write code in Foundry to make calls and send transactions. In the next blog, we will discuss how to write code in Foundry and how to automate the whole process.

The vulnerability in this contract is that the password (a state variable) is defined as public. Any state variable or function that is defined as public can be called by any contract and account.

Hello Ethernaut Contract
