Writeups for Zeppelin's Ethernaut challenges about smart contract security.

Ethernaut Writeups

This repository is a collection of writeups for Ethernaut challenges.

Ethernaut is a small wargame consisting of many challenges regarding smart contract security, specifically focused on the Ethereum blockchain. While some of these challenges are mostly teasers to improve the player's knowledge of smart contracts, some are based on very real security issues which caused lots of money to be stolen.

It's highly recommended to try the challenges if you're just now learning about smart contracts and intend to get a deeper understanding of potential problems with their development.

The game runs on the Ropsten testnet (so you don't need actual money to play) and you interact with it through web3.js and MetaMask.

MetaMask is a browser-based Ethereum wallet. web3.js is a JavaScript API for the Ethereum blockchain, allowing the player to interact with the blockchain via the browser console.

Further instructions on how to play can be found here. I'm not aware of whether the Zeppelin team plans on keeping the game online indefinitely, but I decided to write these writeups anyway, mainly because I'm bored and want to share my solutions and thoughts with the community. Update: the game can also be played locally, since it's open source.

Feel free to ask me for help if you need it. My Telegram handle is @marzanol. Also be aware I'm in no way an expert in this field and cannot provide any valuable insight into real-life projects other than what can be learned from this game itself.

Index

  1. Hello Ethernaut
  2. Fallback
  3. Fallout
  4. Token
  5. Delegation
  6. Force
  7. King
  8. Reentrancy
  9. Elevator
  10. Telephone
  11. Vault
  12. CoinFlip
  13. Privacy (todo)
  14. Gatekeeper One (todo)
  15. Gatekeeper Two (todo)
  16. Naught Coin (todo)

PS: New challenges were added by the Zeppelin team and the order of the challenges was changed, so the order here doesn't match theirs anymore.

Resources