Project BackgroundThe client's intention is to launch a Hacking Contest for smart contract systems, and this will be its second challenge. Participants will learn smart contract security by trying to exploit vulnerabilities that have occured in the past in popular smart contract projects. The challenges will be published as self-contained GitHub projects, that can be easily cloned and installed locally. Within minutes participants will be able to start hacking smart contract systems in a realistic and safe environment.
Be sure to check the previous challenge in the series, and how it was implemented. We want to use the similar setup / structure here, so that the new challenge can be added to the same repository, and handled in the same manner.
Technology StackThis is a blockchain-related challenge. Relevant technologies are: Ethereum, Solidity, Truffle.
Code AccessCodebase created in the previous challenge is referenced above. Note that you are not supposed to modify in any way the Parity_1_2 challenge, already present in the repo; but you are expected to use its code / setup for reference, to ensure that the newly created challenge can be used in the similar way.
Individual RequirementsBelow is the list of what you should do in this challenge. Consider all requirements as major.
- Users can start the challenge with ./src/start_level (e.g. https://github.com/thec00n/Smart-Contract-Hacker-Playground/blob/master/Parity_1_2/start_level). Deploy PoWH token contract (https://etherscan.io/address/0xa7ca36f7273d4d38fc2aec5a454c497f86728a7a#code) from ./src/contracts/. Create users that call the function fund() with randomly selected Ether deposits ranging between 1 and 10 ETH. Create as many user transactions necessary to have at least 1000 ETH in the contract. A user only makes one transaction.
- All dependencies need to be installable with npm install! You can assume that nodejs 10.x and npm 6.x are installed by the user.
- Create a src/README.md as part of the repo that explains objective of the hacker challenges. Creative ideas are welcome (e.g. https://github.com/thec00n/Smart-Contract-Hacker-Playground/blob/master/Parity_1_2/README.md)
- Create solutions/hack.js that exploits the vulnerabilities in the contract and that transfers all of the Ether in the contract to the user. The user’s address is 0xd34435a94f999e0e9fc7c3780a15aa1a815f76e9 (priv: 0x601aaaf5f9ac507ffd34eb3b10bb1bf7b382bf312f460572ba207e4e2b221787) he has 10 ETH starting balance.
- Users can verify if they have succeeded in getting all the ETH from the contract by running ./src/get_status (e.g. https://github.com/thec00n/Smart-Contract-Hacker-Playground/blob/master/Parity_1_2/get_status). User 0xd34435a94f999e0e9fc7c3780a15aa1a815f76e9 should have more than 1000 ETH balance.