✅Puzzle 3

DELEGATECALL

Puzzle

############
# Puzzle 3 #
############

00      36        CALLDATASIZE
01      6000      PUSH1 00
03      6000      PUSH1 00
05      37        CALLDATACOPY
06      36        CALLDATASIZE
07      6000      PUSH1 00
09      6000      PUSH1 00
0B      F0        CREATE
0C      6000      PUSH1 00
0E      80        DUP1
0F      80        DUP1
10      80        DUP1
11      93        SWAP4
12      5A        GAS
13      F4        DELEGATECALL
14      6005      PUSH1 05
16      54        SLOAD
17      60AA      PUSH1 AA
19      14        EQ
1A      601E      PUSH1 1E
1C      57        JUMPI
1D      FE        INVALID
1E      5B        JUMPDEST
1F      00        STOP

? Enter the calldata:

Solution

Pseudocode:

// Copy calldata to memory offset 0
calldatacopy(0, 0, calldata_size);

// Create a new contract based on that calldata stored in memory, deposit 0 wei into it.
// Return the new contract's address back to the stack.
contract_address = create(0, 0, calldata_size);

// Delegatecall
// Return 0 or 1
returndata = delegatecall(gas, contract_address, 0, 0, 0, 0);

// Read the storage slot 5
element = sload(0x05);

if (element == 0xAA) {
    jump(0x1E);
}

The new contract must store 0xAA in storage slot 5. The runtime code is easy to write:

PUSH1 0xAA
PUSH1 0x05
SSTORE

Compile:

60aa600555

Build a creation code just like what we did in Puzzle 2:

PUSH5 0x60aa600555
PUSH1 0x00
MSTORE

PUSH1 0x05
PUSH1 0x1B
RETURN

Compile:

6460aa6005556000526005601bf3

PreviousPuzzle 2 NextPuzzle 4

Last updated 1 year ago