Ethernaut Level 11 — Elevator
The Ethernaut is a Web3/Solidity based wargame inspired on overthewire.org. Here’s the solution to the Level 11— Elevator.
This elevator won't let you reach the top of your building. Right?Things that might help:
- Sometimes solidity is not good at keeping promises.
- This Elevator expects to be used from a Building.
The target is the elevator contract with a goTo function:
The elevator checks if the requested floor is the top floor. If it is, it does not perform the “ride”. If it’s not, it will perform the ride and it will check again if the floor is the last one and store this information in the contract.
Since the isTheLastFloor function called from the sender contract (line 13), we can create the contract, that alternates the result of the isTheLastFloor function. This way, it’ll enter the if clause, but then it’ll store the information that the request floor is the last one.
The attacker contract can be found below:
Usual script will call the attack:
After running the attacker contract, I can verify, that the elevator has indeed has “stopped” on the “last floor”:
> await web3.eth.getStorageAt(contract.address, 0)
'0x0000000000000000000000000000000000000000000000000000000000000001'All that’s left is to submit the instance.
