Scribd Logo
Upload

Welcome to Scribd!

  • Confidential Hash Solution

    Uploaded by

    Vishesh Sachdev
    5 views2 pages
    1. The document describes how to retrieve private variables stored in a smart contract by accessing their storage slots on the blockchain. 2. It provides steps to use a JSON RPC provider to get the values stored in storage slots 4 and 9, which contain the hashes of alice and bob. 3. The retrieved values can then be hashed using the contract's hash function and verified by calling the checkthehash function.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. The document describes how to retrieve private variables stored in a smart contract by accessing their storage slots on the blockchain. 2. It provides steps to use a JSON RPC provider to get the values stored in storage slots 4 and 9, which contain the hashes of alice and bob. 3. The retrieved values can then be hashed using the contract's hash function and verified by calling the checkthehash function.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views2 pages

    Confidential Hash Solution

    Uploaded by

    Vishesh Sachdev
    1. The document describes how to retrieve private variables stored in a smart contract by accessing their storage slots on the blockchain. 2. It provides steps to use a JSON RPC provider to get the values stored in storage slots 4 and 9, which contain the hashes of alice and bob. 3. The retrieved values can then be hashed using the contract's hash function and verified by calling the checkthehash function.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Confidential Hash - QuillCTF solution

    Private variables can be read by outside world

    Let's look at it 👍
    STEPS TO ATTACK 👍
    1. Ethereum stores contract data in 32 bytes slots (Each slot in memory can
    store 32 bytes )
    2. Looking at the contract we can see that slot 4 and slot 9 contains alicehash
    and bobhash resp.
    3. let target = "0xf8E9327E38Ceb39B1Ec3D26F5Fad09E426888E66"; //Goerli
    Test Net
    4.
    5. const provider = new
    ethers.providers.JsonRpcProvider(process.env.PROVIDER);
    6.
    7. const slot4 = await provider.getStorageAt(target, 4);
    8. const slot9 = await provider.getStorageAt(target, 9);

    3. After getting the values we will call hash function in the contract to get
    keccak256 hash of alicehash and bobhash
    4. We can verify that hash by calling checkthehash() in the contract .

    RESULT 👍 (hash)
    0x9ef416df0fda1100f986a774a4b5e98862857d91600d4f615de7187c70d
    2b7bf

    Script to find hash

    https://github.com/vishesh0123/quillCTF/blob/main/scripts/Confidenti
    al.js

    You might also like