Hero Image
Re-entrancy - The Ethernaut - Writeup

The goal of this level is for you to steal all the funds from the contract. And this is the contract’s code: // SPDX-License-Identifier: MIT pragma solidity ^0.6.12; import "openzeppelin-contracts-06/math/SafeMath.sol"; contract Reentrance { using SafeMath for uint256; mapping(address => uint256) public balances; function donate(address _to) public payable { balances[_to] = balances[_to].add(msg.value); } function balanceOf(address _who) public view returns (uint256 balance) { return balances[_who]; } function withdraw(uint256 _amount) public { if (balances[msg.sender] >= _amount) { (bool result,) = msg.sender.call{value: _amount}(""); if (result) { _amount; } balances[msg.sender] -= _amount; } } receive() external payable {} } First of all, generate a new instance of the challenge:

Friday, April 24, 2026 | 2 minutes Read
Hero Image
Delegation - The Ethernaut - Writeup

The goal of this level is for you to claim ownership of the instance you are given. This is the contract’s code: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Delegate { address public owner; constructor(address _owner) { owner = _owner; } function pwn() public { owner = msg.sender; } } contract Delegation { address public owner; Delegate delegate; constructor(address _delegateAddress) { delegate = Delegate(_delegateAddress); owner = msg.sender; } fallback() external { (bool result,) = address(delegate).delegatecall(msg.data); if (result) { this; } } } First, we need to get an instance for the challenge:

Wednesday, April 22, 2026 | 2 minutes Read
Hero Image
Force - The Ethernaut - Writeup

Some contracts will simply not take your money ¯\_(ツ)_/¯ The goal of this level is to make the balance of the contract greater than zero. And the contract’s code is… // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Force { /* MEOW ? /\_/\ / ____/ o o \ /~____ =ø= / (______)__m_m) */ } An empty contract! First, we need to get an instance for the challenge:

Wednesday, April 22, 2026 | 2 minutes Read
Hero Image
Telephone - The Ethernaut - Writeup

Claim ownership of the contract below to complete this level. This is the contract’s code: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Telephone { address public owner; constructor() { owner = msg.sender; } function changeOwner(address _owner) public { if (tx.origin != msg.sender) { owner = _owner; } } } In order to change the owner of the contract, we need to call the changeOwner function, in a way that tx.origin != msg.sender. In this Ethereum Stackexchange question, its difference is discussed. It is simple, though: the EVM allows contracts to call functions on another contracts. Then, we could have a chain of calls like this:

Wednesday, April 22, 2026 | 2 minutes Read
Hero Image
Token - The Ethernaut - Writeup

The goal of this level is for you to hack the basic token contract below. You are given 20 tokens to start with and you will beat the level if you somehow manage to get your hands on any additional tokens. Preferably a very large amount of tokens. // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; contract Token { mapping(address => uint256) balances; uint256 public totalSupply; constructor(uint256 _initialSupply) public { balances[msg.sender] = totalSupply = _initialSupply; } function transfer(address _to, uint256 _value) public returns (bool) { require(balances[msg.sender] - _value >= 0); balances[msg.sender] -= _value; balances[_to] += _value; return true; } function balanceOf(address _owner) public view returns (uint256 balance) { return balances[_owner]; } } First, we need to get an instance for the challenge:

Wednesday, April 22, 2026 | 2 minutes Read
Hero Image
Vault - The Ethernaut - Writeup

Unlock the vault to pass the level! This is the contract’s code: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Vault { bool public locked; bytes32 private password; constructor(bytes32 _password) { locked = true; password = _password; } function unlock(bytes32 _password) public { if (password == _password) { locked = false; } } } First, we need to get an instance for the challenge: After connecting our Metamask wallet, click on “Get New Instance”:

Wednesday, April 22, 2026 | 2 minutes Read
Hero Image
Coin Flip - The Ethernaut - Writeup

This is a coin flipping game where you need to build up your winning streak by guessing the outcome of a coin flip. To complete this level you’ll need to use your psychic abilities to guess the correct outcome 10 times in a row. This is the contract’s code: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract CoinFlip { uint256 public consecutiveWins; uint256 lastHash; uint256 FACTOR = 57896044618658097711785492504343953926634992332820282019728792003956564819968; constructor() { consecutiveWins = 0; } function flip(bool _guess) public returns (bool) { uint256 blockValue = uint256(blockhash(block.number - 1)); if (lastHash == blockValue) { revert(); } lastHash = blockValue; uint256 coinFlip = blockValue / FACTOR; bool side = coinFlip == 1 ? true : false; if (side == _guess) { consecutiveWins++; return true; } else { consecutiveWins = 0; return false; } } } First, we need to get an instance for the challenge:

Sunday, April 19, 2026 | 3 minutes Read
Hero Image
Fal1out - The Ethernaut - writeup

The goal of this challenge is to claim ownership of the contract. This is its code: // SPDX-License-Identifier: MIT pragma solidity ^0.6.0; import "openzeppelin-contracts-06/math/SafeMath.sol"; contract Fallout { using SafeMath for uint256; mapping(address => uint256) allocations; address payable public owner; /* constructor */ function Fal1out() public payable { owner = msg.sender; allocations[owner] = msg.value; } modifier onlyOwner() { require(msg.sender == owner, "caller is not the owner"); _; } function allocate() public payable { allocations[msg.sender] = allocations[msg.sender].add(msg.value); } function sendAllocation(address payable allocator) public { require(allocations[allocator] > 0); allocator.transfer(allocations[allocator]); } function collectAllocations() public onlyOwner { msg.sender.transfer(address(this).balance); } function allocatorBalance(address allocator) public view returns (uint256) { return allocations[allocator]; } } Interacting with the contract is quite easy when solving The Ethernaut challenges:

Sunday, April 19, 2026 | 1 minute Read
Hero Image
Fallback - The Ethernaut - writeup

The goal of this challenge is to: Claim ownership of the contract Reduce its balance to 0 The challenge contract is the following: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Fallback { mapping(address => uint256) public contributions; address public owner; constructor() { owner = msg.sender; contributions[msg.sender] = 1000 * (1 ether); } modifier onlyOwner() { require(msg.sender == owner, "caller is not the owner"); _; } function contribute() public payable { require(msg.value < 0.001 ether); contributions[msg.sender] += msg.value; if (contributions[msg.sender] > contributions[owner]) { owner = msg.sender; } } function getContribution() public view returns (uint256) { return contributions[msg.sender]; } function withdraw() public onlyOwner { payable(owner).transfer(address(this).balance); } receive() external payable { require(msg.value > 0 && contributions[msg.sender] > 0); owner = msg.sender; } } Interacting with the contract is quite easy when solving The Ethernaut challenges:

Sunday, April 19, 2026 | 3 minutes Read