✅

Puzzle 9

Puzzle
############
# Puzzle 9 #
############
​
00      36        CALLDATASIZE
01      6003      PUSH1 03
03      10        LT
04      6009      PUSH1 09
06      57        JUMPI
07      FD        REVERT
08      FD        REVERT
09      5B        JUMPDEST
0A      34        CALLVALUE
0B      36        CALLDATASIZE
0C      02        MUL
0D      6008      PUSH1 08
0F      14        EQ
10      6014      PUSH1 14
12      57        JUMPI
13      FD        REVERT
14      5B        JUMPDEST
15      00        STOP
​
? Enter the value to send: (0) 
Solution
Chunk 1
00      36        CALLDATASIZE
01      6003      PUSH1 03
03      10        LT
04      6009      PUSH1 09
06      57        JUMPI
07      FD        REVERT
08      FD        REVERT
09      5B        JUMPDEST
Pseudocode:
if (0x03 < calldata_size) {
    jump(0x09);
}
else {
    revert();
}
=> We want calldata_size > 3.
Chunk 2
0A      34        CALLVALUE
0B      36        CALLDATASIZE
0C      02        MUL
0D      6008      PUSH1 08
0F      14        EQ
10      6014      PUSH1 14
12      57        JUMPI
13      FD        REVERT
14      5B        JUMPDEST
15      00        STOP
Pseudocode:
if (msg.value * calldata_size == 0x08) {
    jump(0x014);
}
else {
    revert();
}
=> We want msg.value * calldata_size == 0x08.
Building calldata
Since calldata_size > 3, we can pick calldata_size == 4 and msg.value == 2. Here calldata can be any 4-byte string, for example, 0xdeadbeef.

Puzzle 8

Puzzle 10

Last modified 1d ago