In this challenge the user is provided with a contract called Coinflip.sol. The goal of this challenge is win 10 times consecutively by calling the flip() function of the contract.
This challenge requires user to be familiar with the following concepts..
- Pseudo-Randomness in computer systems
- The
CoinFlip contracthas aflip()function which can be called with boolean parameter. - The contract uses
blockhash(block.number) - 1to acheive randomness. This is dangerous as pseudo-randomness can be predicted. - This can be exploited by writing a similar contract
CoinFlipExploit.solthat predicts the input everytime the function is called. - We copied over the variables that are constant i.e (
FACTOR,blockhash(block.number) - 1) and use them to generate the_guessparamter & callflip(_guess)on the contract to always predict the right guess.
However, I have solved this challenge Challenge-3 using a contract that can be found in test/CoinFlip.t.sol.
- Run Exploit!
forge test -vv -m test_challenge_3