✅Puzzle 9

Puzzle

############
# Puzzle 9 #
############

00      34        CALLVALUE
01      6000      PUSH1 00
03      52        MSTORE
04      6020      PUSH1 20
06      6000      PUSH1 00
08      20        SHA3
09      60F8      PUSH1 F8
0B      1C        SHR
0C      60A8      PUSH1 A8
0E      14        EQ
0F      6016      PUSH1 16
11      57        JUMPI
12      FD        REVERT
13      FD        REVERT
14      FD        REVERT
15      FD        REVERT
16      5B        JUMPDEST
17      00        STOP

? Enter the value to send: (0) 

Solution

Pseudocode:

mstore(0, msg.value);
hash = sha3(0, 0x20); // hash that msg.value

if (hash >> 0xF8 == 0xA8) {
    jump(0x16);
}

The condition hash >> 0xF8 == 0xA8 means the MSB of hash is 0xA8. In other words, in this challenge our task is to find an integer x such that hash(x) begins with 0xA8.

Write a simple Bash script to brute-force msg.value:

#!/bin/bash

COUNTER=1

while [ $COUNTER -lt 1024 ]
do
     echo "msg.value: $COUNTER"
     printf "$COUNTER\n\n" | npx hardhat play | grep "Puzzle solved!"
     COUNTER=$[$COUNTER +1]
     rm -f solutions/solution_9.json
done

The answer is 47.