I’ve been dabbling around with Solidity and smart contracts over the past couple of weeks. And the more I learn, the more fascinating the topic becomes to me. To share my fascination, and to create awareness for smart contract vulnerabilities, I decided to create a Solidity riddle. Play along and break the code to get access to the deposited tokens 🙂
How Does It Work?
Basically, I created a smart contract with a built-in security exploit, and I deployed it on Binance Smart Chain (BSC). I then deposited a few tokens into the contract. The challenge is to gain access and withdraw them to a wallet that you control. How you do that, is up to you. I know at least one solution to the problem, but there might be more. There are no real rules here. The smart contract is out there and public, and whoever manages to withdraw the tokens wins and can keep them.
Why BSC?
Solidity is the most common language used to develop smart contracts for the Ethereum Virtual Machine (EVM). However, BSC is essentially just a clone of Ethereum. And almost anything that works on Ethereum, works on BSC as well. With fees being so much lower on BSC, and this just being a fun little challenge, I decided to go for BSC.
Now, I am aware that lower fees on BSC come at a cost. BSC is a lot less decentralized. But this is not an ideological statement. This is just a fun challenge to play around with Solidity, and it shouldn’t cost an arm and a leg to participate.
Show Me The Contract Already!
Alright, enough talking. Let’s cut straight to the chase. Here’s the contract:
https://bscscan.com/address/0xaa57213f5c0154619713537e99b8dfd923c6e3ef
It currently holds 25,000 tokens, worth about 20$ on the open market. The exploitable contract is verified on BscScan and can be analyzed to find the solution to the challenge.
I’m honestly excited to see how long it will take for someone to gain access 🙂
What Tools Should I Use?
You will need a BSC wallet and (depending on your approach) a Solidity compiler for this challenge. You can use any BSC compatible wallet, but I recommend Metamask, although it needs to be set up to work on BSC first. Here’s how to do that:
https://academy.binance.com/en/articles/connecting-metamask-to-binance-smart-chain
The most common IDE for Solidity development is probably Remix. It’s a web tool with an integrated Solidity Compiler. You can connect it with Metamask to deploy your smart contracts on-chain. Here’s where you find Remix:
Closing Remarks
I put the contract on GitHub as well. If anybody wants to fork it, copy it, or even propose changes to increase the difficulty, feel free to do so:
https://github.com/scamcoincrypto/solidity-riddles
Other than that, there’s not much left to say. Have fun with the challenge! And if you find the solution, I would love for you to write a little post about it.
submitted by /u/sheer1706
[link] [comments]