OpenZeppelin's wargame, Ethernaut teaches practical smart contract security concepts through CTF like challenges.
This repo contains walkthroughs and solutions to each level using only Foundry.
-
Forgea cli tool for testing, building, and deploying smart contracts -
Casta swiss army knife for interacting with Ethereum RPC nodes
Walkthrough is hosted here
This project uses environment variables to handle all config variables:
ETH_RPC_URLthis is automatically checked by forge and castPRIVATE_KEYthis has to be manually included when using forge or castLEVEL_ADDRESSinstance address
Environment variables can be set in the terminal as follows
export PRIVATE_KEY=<your-private-key-here>
export ETH_RPC_URL=<your-rinkerby-node-url-here>
export LEVEL_ADDRESS=<your-instance-address-here>
Note: Foundry offers multiple ways to store your private key for signing, the method proposed above is not secure and should only be used with a temporary wallet for the purpose of this walkthrough.
Foundry offers support for raw private keys, keystore private keys, and hardware wallets. Read more about how to implement each one here
Level Name link leads to solution write up.
| Level Name | Concepts Explored | Difficulty |
|---|---|---|
| Fallback | Fallback & receive functions | 1/10 |
| Fallout | Misnaming functions | 2/10 |
| Coin Flip | Predicting onchain randomness | 3/10 |
| Telephone | Msg.sender vs tx.origin | 1/10 |
| Token | Overflow and underflows attacks | 3/10 |
| Delegation | DelegateCall | 4/10 |
| Force | SelfDestruct function | 5/10 |
| Vault | Inspecting contract storage slots | 3/10 |
| King | Spoofing contract that expects EOA | 6/10 |
| Re-entrancy | Re-entrancy attacks | 6/10 |
| Elevator | Malicious interfaces | 4/10 |
| Privacy | Layout of state variables in storage | 8/10 |
| Gatekeeper One | Bytemasking and gasLeft function | 5/10 |
| Gatekeeper Two | Calling from code from constructor | 6/10 |
| Naught Coin | Inheritance and transferFrom function | 5/10 |
| Preservation | DelegateCall | 8/10 |
| Recovery | Contract address creation | 6/10 |
| Magic Number | Contract init and runtime opcodes | 6/10 |
| Alien Codex | Writing to any storage slot using overflows | 7/10 |
| Denial | Ddos gas draining attack | 5/10 |
| Shop | Malicious view function interfaces | 4/10 |
| Dex | Manipulating oracle-less price data | 3/10 |
| Dex Two | Creating a malicious ERC20 token | 4/10 |
| Puzzle Wallet | Proxy design patterns | 7/10 |
| Motorbike | Upgradable pattern and EIP-1967 | 6/10 |
| DoubleEntryPoint | Fortra contracts | 4/10 |
All contributions are welcome, if you find any mistakes or have a better implementation feel free to create a pull request.
Levels without writeups :
24 Puzzle Wallet25 Moterbike26 Double Entry Point