Making of HappyNewYear CTF Puzzle
Imagine there is a contract that can execute any code you send to it. And imagine it also holds some money. How easy would it be to hack it? It would be quite easy, especially if all the opcodes are available. That’s why I decided to create a puzzle like this, but with a few extra tricks to make it a bit harder to solve (even if the tricks are mostly “smoke and mirrors”). I announced the puzzle on Twitter two days before 2023, and it has already been solved: https://twitter.com/0x796/status/1...
PUSH1: or "Parsing EVM Bytecode"
Have you ever encountered a JUMPDEST opcode in Ethereum bytecode and wondered how the execution can jump there? Look at these delicious 5Bs, so many places the code can run from! [Figure: A lot of 5B's - the JUMPDEST opcodes] If there is a 5B you can always jump there, right?… Wrong! And the answer has to do with something called instruction boundaries. What are instruction boundaries and why do they matter? When the Ethereum Virtual Machine (EVM) processes bytecode, it loads each octet and defines whe...
Forget about "optimizing"
Is Solidity optimization a waste of time? (or: surprising facts about the compiler's optimizer) Imagine you have a packed struct like this in storage: [Figure: Storage Packed Struct] Can you guess which code will be cheaper to run: the one that’s reading every value from storage several times? (A) the one reading from a storage reference? (B) or maybe the one loading the whole struct into memory first? (C) [Figure: Which code will be cheaper?] Wrong. Whatever you guessed - you’re not even close! As Solidity developer...

A thing about gas-golfing and test-fitting
Crypto-twitter likes puzzles. And gas-golfing. Any CTF puzzle gains huge success, although in the end it all comes down to “test-fitting”. Let me review a recent example from RareSkills that blew up on CT a couple of days ago: [Figure: Distribution gas-puzzle by RareSkills] The idea is to optimize gas in the contract and run provided tests for it that have a threshold. By default, the gas is way over the target: [Figure: Provided tests results when ran on the original contract] So the “rules” are: no messing with op...
