src/NumenCTF/README.md: 3 additions & 3 deletions
@@ -72,7 +72,7 @@ The most difficult of the above conditions is to match the return value of `stat
72
72
Since the state cannot be changed by `staticcall`, some external data must be obtained in the called contract, and `i` must be inferred from them.
73
73
This is easily solved by using the `GAS` opcode.
74
74
As the loop proceeds, the remaining gas decreases, and `i` can be estimated based on that.
75
-
The `GAS` consumed in one loop can be measured locally and hard-coded into the contract.
75
+
The gas consumed in one loop can be measured locally and hard-coded into the contract.
76
76
77
77
The code of the solver is below.
78
78
Since errors are troublesome, it is easier to insert an opcode that consumes more gas (such as `BALANCE`) as appropriate.
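Review bot: The context sentence at line 78, "Since errors are troublesome", does not say which errors are meant, and this wording pass is a good place to fix it. If the intent is the error in estimating `i` from the remaining gas (the per-loop figure that line 75 says is measured locally and hard-coded), name it, for example "Since estimation errors are troublesome, ...", and add a clause on why a gas-heavier opcode such as `BALANCE` makes the estimate easier.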
@@ -541,12 +541,12 @@ contract Verifier {
541
541
First, I checked the addresses of the `owners` and found that these are the initial addresses of Remix and that the secret key is known (see [reference](https://github.com/ethereum/remix-project/blob/d13fea7e8429436de6622d855bf75688c664a956/libs/remix-simulator/src/methods/accounts.ts)).
542
542
Thus, it is easy to forge signatures. However, when I executed an exploit that used forged signatures, it failed.
543
543
544
-
I found out why it failed: in the `verify` function, the `holder.user` was set to `0`. This is a bug that existed by Solidity 0.8.15, ["Head Overflow Bug in Calldata Tuple ABI-Reencoding"](https://blog.soliditylang.org/2022/08/08/calldata-tuple-reencoding-head-overflow-bug/). Actually, the version of this source code is set at `pragma solidity 0.8.15;`.
544
+
I found out why it failed: in the `verify` function, the `holder.user` was set to `0`. This is a bug that existed by Solidity 0.8.15, ["Head Overflow Bug in Calldata Tuple ABI-Reencoding"](https://blog.soliditylang.org/2022/08/08/calldata-tuple-reencoding-head-overflow-bug/). Actually, the version of this source code is set at `pragma solidity 0.8.15;`.
545
545
546
546
Then, how can the `require` statement be satisfied? The signature `v` given in this `verify` function can be set to any value. If the `v` of the signature is an inappropriate value, the return value of `ecrecover` can be `0`.
547
547
This can be used to satisfy the `require` statement.
548
548
549
-
Therefore, write the following contraption. As a result, the private keys of `owners` are not needed.
549
+
Therefore, write the following contract. As a result, the private keys of `owners` are not needed.
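Review bot: At line 544 the removed and added text read identically, so this looks like a whitespace-only change that leaves "This is a bug that existed by Solidity 0.8.15" ungrammatical. Since the line is being touched anyway, reword it, for example "This is a bug present in Solidity 0.8.15", which agrees with the `pragma solidity 0.8.15;` cited at the end of the same line. It would also help to say on line 546 that the `0` returned by `ecrecover` is what matches the zeroed `holder.user`, since that is the step that makes the `require` pass.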