Skip to content

Files

Latest commit

 

History

History

challenge-3-CoinFlip

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 

Ethernaut Challenge 3

In this challenge the user is provided with a contract called Coinflip.sol. The goal of this challenge is win 10 times consecutively by calling the flip() function of the contract.

This challenge requires user to be familiar with the following concepts..

  • Pseudo-Randomness in computer systems

Solution

  • The CoinFlip contract has a flip() function which can be called with boolean parameter.
  • The contract uses blockhash(block.number) - 1to acheive randomness. This is dangerous as pseudo-randomness can be predicted.
  • This can be exploited by writing a similar contract CoinFlipExploit.sol that predicts the input everytime the function is called.
  • We copied over the variables that are constant i.e (FACTOR, blockhash(block.number) - 1) and use them to generate the _guess paramter & call flip(_guess) on the contract to always predict the right guess.

However, I have solved this challenge Challenge-3 using a contract that can be found in test/CoinFlip.t.sol.

  1. Run Exploit!
forge test -vv -m test_challenge_3