mouseless-eth/rusty-sando

Recover WETH and ETH JUMPDEST

Closed this issue · 4 comments

Testing the JUMPDEST for recover WETH when using cast send for recover ETH and WETH results in "(code: -32000, message: invalid jump destination, data: None)"

used>>
cast send --rpc-url https://goerli.infura.io/v3/7f4a751c20c34aaa81865fc15e95d236 --private-key 0x04d3fA39350C28FD5B192129f3f962C09CA5FCFa 0x41
Error:
(code: -32000, message: invalid jump destination, data: None)

read the code dude, you need to encode amt as well. abi.encodePacked(jumpdest, amount)

I was able to recover weth using cast send --rpc-url https://goerli.infura.io/v3/7f4a751c20c34aaa81865fc15e95d236 --private-key 0x04d3fA39350C28FD5B192129f3f962C09CA5FCFa 0x37000000000000000000000000000000000000000000000000016345785d8a0000
The documentation says recover weth is used with 0x41 jumpdest, however I was able to successfully recover the weth using 0x37 jumpdest with amount out calculated using ethers to hex function and attached to the payload. Will close issue when I figure out if recover weth is possible with a different jumpdest.

I will try this as well I was sending raw data and not using abi.encode.

The JUMPDEST for recover ETH is 0x32. I found this by running the test and logging the JUMPDEST returned from the contract SandoCommon.

[37292] SandoTest::testRecoverEth()
├─ [0] VM::startPrank(me)
│ └─ ← ()
├─ [9503] SandoCommon::getJumpDestFromSig(recoverEth) [delegatecall]
│ └─ ← 50
├─ [172] 0xf92CE891Ab58B70486487043DD3f2e6eD713e019::fallback()
│ ├─ [0] me::fallback()
│ │ └─ ← ()
│ └─ ← ()
├─ [9503] SandoCommon::getJumpDestFromSig(recoverEth) [delegatecall]
│ └─ ← 50
├─ [0] console::f5b1bba9(0000000000000000000000000000000000000000000000000000000000000032) [staticcall]
│ └─ ← ()
└─ ← ()

[69940] SandoTest::testRecoverWeth()
├─ [0] VM::startPrank(me)
│ └─ ← ()
├─ [2534] 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2::balanceOf(0xf92CE891Ab58B70486487043DD3f2e6eD713e019) [staticcall]
│ └─ ← 0x0000000000000000000000000000000000000000000000056bc75e2d63100000
├─ [2534] 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2::balanceOf(me) [staticcall]
│ └─ ← 0x0000000000000000000000000000000000000000000000000000000000000000
├─ [10299] SandoCommon::getJumpDestFromSig(recoverWeth) [delegatecall]
│ └─ ← 55
├─ [21385] 0xf92CE891Ab58B70486487043DD3f2e6eD713e019::37000000(0000000000000000000000000000000000000000056bc75e2d63100000)
│ ├─ [21162] 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2::transfer(me, 100000000000000000000 [1e20])
│ │ ├─ emit Transfer(from: 0xf92CE891Ab58B70486487043DD3f2e6eD713e019, to: me, amount: 100000000000000000000 [1e20])
│ │ └─ ← 0x0000000000000000000000000000000000000000000000000000000000000001
│ └─ ← ()
├─ [10299] SandoCommon::getJumpDestFromSig(recoverWeth) [delegatecall]
│ └─ ← 55
├─ [0] console::f5b1bba9(0000000000000000000000000000000000000000000000000000000000000037) [staticcall]
│ └─ ← ()
├─ [534] 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2::balanceOf(0xf92CE891Ab58B70486487043DD3f2e6eD713e019) [staticcall]
│ └─ ← 0x0000000000000000000000000000000000000000000000000000000000000000
├─ [534] 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2::balanceOf(me) [staticcall]
│ └─ ← 0x0000000000000000000000000000000000000000000000056bc75e2d63100000
└─ ← ()

If you look at the console lines in both of these tests you can see where I got my jumpdests from. Hope this helps people.
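The calldata layout the thread converges on (abi.encodePacked(jumpdest, amount): one jumpdest byte followed by a 32-byte big-endian uint256, no selector) is easy to get wrong by hand, as the bare `0x41` in the opening command shows. The following is an added example, not code from the rusty-sando repository, that builds and parses that 33-byte payload and checks it against the values visible in the traces above (0x32 for recoverEth, 0x37 for recoverWeth); the function names are my own.

```python
# Added example: encode/decode the packed "jumpdest || uint256 amount" calldata
# described in this thread. Not part of the rusty-sando project.

# Jumpdest values taken from the console lines in the testRecoverEth / testRecoverWeth traces.
JUMPDEST_RECOVER_ETH = 0x32
JUMPDEST_RECOVER_WETH = 0x37

# Size of the packed payload: 1 byte for the jumpdest, 32 bytes for the amount.
PAYLOAD_LEN = 1 + 32


def encode_recover_calldata(jumpdest: int, amount_wei: int) -> bytes:
    """abi.encodePacked(uint8 jumpdest, uint256 amount): no selector, no ABI padding."""
    if not 0 <= jumpdest <= 0xFF:
        raise ValueError("jumpdest must fit in a single byte")
    if not 0 <= amount_wei < 2**256:
        raise ValueError("amount must fit in a uint256")
    return bytes([jumpdest]) + amount_wei.to_bytes(32, "big")


def decode_recover_calldata(data: bytes) -> tuple[int, int]:
    """Inverse of encode_recover_calldata.

    Rejects any payload that is not exactly 33 bytes, which catches the mistake the
    issue opened with (sending only the jumpdest byte and no amount).
    """
    if len(data) != PAYLOAD_LEN:
        raise ValueError(f"expected {PAYLOAD_LEN} bytes (jumpdest + uint256 amount), got {len(data)}")
    return data[0], int.from_bytes(data[1:], "big")


def to_hex(data: bytes) -> str:
    """Format as the 0x-prefixed hex string that `cast send` accepts as raw calldata."""
    return "0x" + data.hex()


if __name__ == "__main__":
    # 0.1 WETH (1e17 wei), the amount used in the successful command in the thread.
    payload = encode_recover_calldata(JUMPDEST_RECOVER_WETH, 10**17)
    print(to_hex(payload))
    print(decode_recover_calldata(payload))
```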