nicobevilacqua/EthernautDAOWeeklyChallengesSolutions

Ethernaut DAO Weekly Challenges

A compilation of Ethernaut DAO's weekly challenges.

How to use:

  1. Clone this repo.
  2. Complete the challenges in ./test/.
  3. Verify the result by running yarn test.

Index

  1. Private Data
  2. Wallet
  3. Car Market
  4. Vending Machine
  5. Ethernaut DAO Token
  6. Hackable
  7. Switch
  8. Vulnerable NFT

Private Data

Challenge

Link to tweet

Goal: Take ownership of the contract.

Challenge File here

Run it with yarn private-data

Solution Write Up

You can read all of a contract's storage, even slots whose variables are marked private; there is actually no private data on-chain.

Using ethers.js, calling ethers.provider.getStorageAt(target.address, 8) returns the secretKey value, which we can then use in a call to takeOwnership to take ownership of the contract.
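
The same read works for every state variable, including ones packed into a shared slot, which is why no on-chain value should be treated as a secret. The following is an added example, not code from this repository: it decodes fields from a compiler storage layout against a mock provider. Only `secretKey` at slot 8 comes from the write-up; its `bytes32` type, the `owner` and `locked` variables, the address and all stored values are constructed assumptions.

```javascript
// Added example. Layout in the shape solc emits with --storage-layout,
// trimmed to the fields used here. owner/locked and all types are hypothetical.
const layout = {
  storage: [
    { label: "owner",     slot: "0", offset: 0,  type: "t_address" },
    { label: "locked",    slot: "0", offset: 20, type: "t_bool" },
    { label: "secretKey", slot: "8", offset: 0,  type: "t_bytes32" }, // slot 8 per the write-up
  ],
  types: {
    t_address: { numberOfBytes: "20" },
    t_bool:    { numberOfBytes: "1" },
    t_bytes32: { numberOfBytes: "32" },
  },
};

// Constructed storage contents: slot 0 packs a bool above a 20-byte address.
const slots = {
  0: "0x" + "00".repeat(11) + "01" + "aa".repeat(20),
  8: "0x" + "5e".repeat(32),
};

// Stand-in with the same call shape as ethers.provider.getStorageAt(address, slot).
const mockProvider = {
  getStorageAt: async (_address, slot) => slots[Number(slot)] || "0x" + "00".repeat(32),
};

// Solidity packs value types right-aligned: `offset` counts bytes from the
// low-order (rightmost) end of the 32-byte word.
function extractField(wordHex, offset, numberOfBytes) {
  const hex = wordHex.slice(2).padStart(64, "0");
  const end = 64 - 2 * offset;
  return "0x" + hex.slice(end - 2 * numberOfBytes, end);
}

// Reads every in-place value-type variable; mappings and dynamic arrays
// live at hashed slots and are out of scope for this sketch.
async function readStateVariables(provider, address, storageLayout) {
  const out = {};
  for (const v of storageLayout.storage) {
    const word = await provider.getStorageAt(address, Number(v.slot));
    const size = Number(storageLayout.types[v.type].numberOfBytes);
    out[v.label] = extractField(word, v.offset, size);
  }
  return out;
}

// Placeholder address; the visibility keyword never enters the lookup.
readStateVariables(mockProvider, "0x" + "11".repeat(20), layout).then(console.log);
```
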

Wallet

Link to tweet

Goal: Add ourselves to the list of owners.

Challenge File here

Run it with yarn wallet

Car Market

Link to tweet

Goal: Be able to mint and own two cars.

Challenge File here

Run it with yarn car-market

Solution Write Up

There are two different balances. In the flashLoan function, the balance sent to the caller is the market's balance (through delegatecall), but the validation is made against the factory's balance. So you can get the entire market balance for free and use it to purchase a second car.

Vending Machine

Link to tweet

Goal: To drain all the balance from the contract.

Challenge File here

Run it with yarn vending-machine

Ethernaut DAO Token

Link to tweet

Challenge File here

Run it with yarn ethernaut-dao-token

Hackable

Challenge File here

Run it with yarn hackable

Switch

Link to tweet

Challenge File here

Run it with yarn switch

Vulnerable NFT

Link to tweet

Challenge File here

Run it with yarn vulnerable-nft


Ethernaut DAO Discord