Ethernaut Level 3 — Coin Flip
The Ethernaut is a Web3/Solidity based wargame inspired on overthewire.org. Here’s the solution to the Level 3 Coin Flip.
The initial info clarifies the challenge:
This is a coin flipping game where you need to build up your winning streak by guessing the outcome of a coin flip. To complete this level you’ll need to use your psychic abilities to guess the correct outcome 10 times in a row.
Then, there’s contract’s code:
The CoinFlip function creates a pseudo-random value which can be either true or false. This value is then compared to the guess supplied by the caller. If the caller was right, the wins counter is incremented.
The problem with this code is, that there are two factors used to generate the pseudo random value: blockValue (which is a number of a current block executing the function) and hardcoded FACTOR. Both of these are predictable, therefore attacker can user them to infer the next “random” value. It can be done by creating the attacker contract:
As can be seen, attacker contract reimplements the pseudo-random algorithm, and then calls the original one with the predicted value. Since the attacker and victim will be executed on the same block, the attacker contract will alway guess right the flip.
Note: if you copy above code, remember to change the victimAddress to your own instance of CoinFlip. You can get this address by running contract.address in the Ethernaut console.
After running the attack function 10 times , I can submit the instance and complete the challenge.