Hello Ethernaut

intro

PreviousEthernaut NextFallback

Last updated 2 years ago

Hello Ethernaut

intro

Description

This level walks you through the very basics of how to play the game.

1. Set up MetaMask

If you don't have it already, install the (in Chrome, Firefox, Brave or Opera on your desktop machine). Set up the extension's wallet and use the network selector to point to the 'Rinkeby test network' in the top left of the extension's interface.

2. Open the browser's console

Open your browser's console: Tools > Developer Tools.

You should see a few messages from the game. One of them should state your player's address. This will be important during the game! You can always see your player address by entering the following command:

player

Keep an eye out for warnings and errors, since they could provide important information during gameplay.

3. Use the console helpers

You can also see your current ether balance by typing:

getBalance(player)

NOTE: Expand the promise to see the actual value, even if it reads "pending". If you're using Chrome v62, you can use await getBalance(player) for a cleaner console experience.

Great! To see what other utility functions you have in the console type:

help()

These will be super handy during gameplay.

4. The ethernaut contract

Enter the following command in the console:

ethernaut

This is the game's main smart contract. You don't need to interact with it directly through the console (as this app will do that for you) but you can if you want to. Playing around with this object now is a great way to learn how to interact with the other smart contracts of the game.

Go ahead and expand the ethernaut object to see what's inside.

5. Interact with the ABI

ethernaut is a TruffleContract object that wraps the Ethernaut.sol contract that has been deployed to the blockchain.

Among other things, the contract's ABI exposes all of Ethernaut.sol's public methods, such as owner. Type the following command for example:

ethernaut.owner() or await ethernaut.owner() if you're using Chrome v62.

You can see who the owner of the ethernaut contract is.

6. Get test ether

Once you see some ether in your balance, move on to the next step.

7. Getting a level instance

When playing a level, you don't interact directly with the ethernaut contract. Instead, you ask it to generate a level instance for you. To do so, click the blue button at the bottom of the page. Go do it now and come back!

You should be prompted by MetaMask to authorize the transaction. Do so, and you should see some messages in the console. Note that this is deploying a new contract in the blockchain and might take a few seconds, so please be patient when requesting new level instances!

8. Inspecting the contract

Just as you did with the ethernaut contract, you can inspect this contract's ABI through the console using the contract variable.

9. Interact with the contract to complete the level

Look into the level's info method contract.info() or await contract.info() if you're using Chrome v62. You should have all you need to complete the level within the contract. When you know you have completed the level, submit the contract using the submit button at the bottom of the page. This sends your instance back to the ethernaut, which will determine if you have completed it.

Tip: don't forget that you can always look in the contract's ABI!

Setup

Download Metamask Chrome extension and set it up.
Press Ctrl+Shift+I to open developer tools.
Go to https://faucets.chain.link/rinkeby and get some test ether.
Click "Get new instance".

Code Audit

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Instance {

  string public password;
  uint8 public infoNum = 42;
  string public theMethodName = 'The method name is method7123949.';
  bool private cleared = false;

  // constructor
  constructor(string memory _password) {
    password = _password;
  }

  function info() public pure returns (string memory) {
    return 'You will find what you need in info1().';
  }

  function info1() public pure returns (string memory) {
    return 'Try info2(), but with "hello" as a parameter.';
  }

  function info2(string memory param) public pure returns (string memory) {
    if(keccak256(abi.encodePacked(param)) == keccak256(abi.encodePacked('hello'))) {
      return 'The property infoNum holds the number of the next info method to call.';
    }
    return 'Wrong parameter.';
  }

  function info42() public pure returns (string memory) {
    return 'theMethodName is the name of the next method.';
  }

  function method7123949() public pure returns (string memory) {
    return 'If you know the password, submit it to authenticate().';
  }

  function authenticate(string memory passkey) public {
    if(keccak256(abi.encodePacked(passkey)) == keccak256(abi.encodePacked(password))) {
      cleared = true;
    }
  }

  function getCleared() public view returns (bool) {
    return cleared;
  }
}

The authenticate() function is crucial:

  function authenticate(string memory passkey) public {
    if(keccak256(abi.encodePacked(passkey)) == keccak256(abi.encodePacked(password))) {
      cleared = true;
    }
  }

In order to pass this level, we have to figure out the content of password.

Solution

Interact with the contract in Developer Tool (F12). Enumerate the ABI:

await contract.abi

Note that there is a "hidden" password() function which is not included in the contract source code:

This function takes no input:

Try invoking the password() function:

await contract.password()

It returns the password "ethernaut0". Feed in the password to the authenticate() function to pass this level:

await contract.authenticate("ethernaut0")

Click "Submit instance" and move on to the next level.

Summary

Congratulations! You have completed the tutorial. Have a look at the Solidity code for the contract you just interacted with below.

You are now ready to complete all the levels of the game, and as of now, you're on your own.

Godspeed!!