Author Image

Hi! I am manbolq

Recent Posts

Hero Image
Shop - The Ethernaut - Writeup

Сan you get the item from the shop for less than the price asked? This is the code of the challenge’s contract: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; interface IBuyer { function price() external view returns (uint256); } contract Shop { uint256 public price = 100; bool public isSold; function buy() public { IBuyer _buyer = IBuyer(msg.sender); if (_buyer.price() >= price && !isSold) { isSold = true; price = _buyer.price(); } } } Basically, the first call of the price() function must return >= 100. The second call made to price() must return < 100. We control the logic of the buyer, so this should be pretty easy.

Friday, June 5, 2026 | 2 minutes Read
Hero Image
Denial - The Ethernaut - Writeup

This is a simple wallet that drips funds over time. You can withdraw the funds slowly by becoming a withdrawing partner. If you can deny the owner from withdrawing funds when they call withdraw() (whilst the contract still has funds, and the transaction is of 1M gas or less) you will win this level. The code of the challenge’s contract is the following: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Denial { address public partner; // withdrawal partner - pay the gas, split the withdraw address public constant owner = address(0xA9E); uint256 timeLastWithdrawn; mapping(address => uint256) withdrawPartnerBalances; // keep track of partners balances function setWithdrawPartner(address _partner) public { partner = _partner; } // withdraw 1% to recipient and 1% to owner function withdraw() public { uint256 amountToSend = address(this).balance / 100; // perform a call without checking return // The recipient can revert, the owner will still get their share partner.call{value: amountToSend}(""); payable(owner).transfer(amountToSend); // keep track of last withdrawal time timeLastWithdrawn = block.timestamp; withdrawPartnerBalances[partner] += amountToSend; } // allow deposit of funds receive() external payable {} // convenience function function contractBalance() public view returns (uint256) { return address(this).balance; } } We need to create a DoS of the contract when the owner executes the function withdraw. We control the partner address (through the setWithdrawPartner function), to which a call is made that does not specify a fixed gas limit.

Thursday, June 4, 2026 | 3 minutes Read
Hero Image
Alien Codex - The Ethernaut - Writeup

You’ve uncovered an Alien contract. Claim ownership to complete the level. This is the code of the contract: // SPDX-License-Identifier: MIT pragma solidity ^0.5.0; import "../helpers/Ownable-05.sol"; contract AlienCodex is Ownable { bool public contact; bytes32[] public codex; modifier contacted() { assert(contact); _; } function makeContact() public { contact = true; } function record(bytes32 _content) public contacted { codex.push(_content); } function retract() public contacted { codex.length--; } function revise(uint256 i, bytes32 _content) public contacted { codex[i] = _content; } } To be able to pass this challenge we need to understand how dynamic arrays are stored in the EVM storage. First, a whole slot (32 bytes) is assigned to that array using standard slot assigment rules. The number stored in this slot will correspond to the number of elements of the array. Let’s see that.

Sunday, May 31, 2026 | 3 minutes Read
Show More