# Capture The Ether Miscellaneous Solutions By [kyrers](https://paragraph.com/@kyrers) · 2022-09-11 --- In this post, I will share my explanations for the Miscellaneous section of the Capture The Ether challenges. There are plenty of solutions around the web - my goal was to solve the challenges locally, avoiding Etherscan when possible, and writing code locally. You can find the code [here](https://github.com/kyrers/CTE-Solutions). Let’s begin. Assume Ownership ---------------- This challenge might be the easiest. Solidity now allows you to use the `constructor` keyword so constructors stand out. However, the challenge contract doesn't use that keyword. If you look at the code you'll notice a severe error: the function that's meant to be the constructor is misspelled as `AssumeOwmershipChallenge`, allowing anyone to call it and become the owner. There's not much to this challenge, just: 1. Get the contract abi and address; 2. Get the private key of the ropsten account you are using to interact with Capture The Ether. Otherwise, you can't pass the challenge as CTE doesn't know who you are; 3. Get the contract and connect with it using your account; 4. Call `AssumeOwmershipChallenge`; 5. Call `authenticate`; 6. Win; Token Bank ---------- This challenge involves two contracts: `TokenBankChallenge` which acts as a bank, as the name suggests. It deploys the `SimpleERC223Token` and assigns half to the CTE challenge factory, given that it created the `TokenBankChallenge` contract, and half to the player, meaning us. Our goal is to withdraw all 1000000 tokens, not just our 500000. It's important to know that one difference between the `ERC20` and `ERC223` token standards is that the `ERC223` notifies the recipient of a transfer by calling the `tokenFallback` function in case it is a contract. Now, as you've probably guessed, the `TokenBankChallenge` `withdraw` function must be used. If you look through the function, you'll see that it is vulnerable to reentrancy attacks, as it only updates the `msg.sender` balance after sending the funds. So, even though this looks like a lot of code, the solution isn't all that complicated. We just need to create a contract that has a `tokenFallback` function that keeps withdrawing until the contract is empty. This `tokenFallback` function will be called by the `SimpleERC223Token` contract on each withdrawal, allowing us to check if there are tokens left and keep withdrawing until it is empty. Even though it is obvious, you must not forget that you can only withdraw funds that you have, so before initiating our attack we'll need to send our tokens to the attack contract and deposit them in the bank again. So, here are the steps needed: 1. Get the bank contract abi and address; 2. Get the token contract abi; 3. Deploy the `TokenBankHelper` contract; 4. Get the bank contract; 5. Get the token contract that the challenge bank is using; 6. Withdraw your 500000 tokens; 7. Send your 500000 tokens to the `TokenBankHelper`; 8. Deposit them in the bank; 9. Initiate the attack by withdrawing 500000; 10. Wait until the `TokenBank` contract is empty; 11. Win; --- *Originally published on [kyrers](https://paragraph.com/@kyrers/capture-the-ether-miscellaneous-solutions)*