2021-09-12
[public] 48.4K views, 6.91K likes, 23.0 dislikes audio only
In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected.
This was a challenge called `Montagy` from the Real World CTF 2019 competition.
Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.
More Ethereum hacking:
- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: /youtube/video/ozqOlUVKL1s
- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: /youtube/video/RfL3FcnVbJg
- Ethereum Smart Contract Backdoored Using Malicious Constructor:
00:00:00 - Backstory
00:03:58 - Smart Contract Challenge Overview
00:20:17 - Blockchain Transaction Investigation
00:22:13 - Rough Plan & Research Setup
00:34:27 - Looking more into the Contracts
00:41:18 - Debugging with remix
01:08:43 - What we learned so far
01:09:31 - Researching custom hash
01:34:26 - Breaking hash algorithm with z3
02:02:37 - Realizing winning condition is different...
02:03:20 - Developing exploit pwn.js
02:15:10 - Exploit doesn't work... debugging.
02:31:30 - Exploit finally works
02:33:55 - Sending Exploit to the Team in China
02:35:05 - The Flag
02:36:10 - Opinion and Conclusion
-=[ ā¤ļø Support ]=-
ā per Video: https://www.patreon.com/join/liveoverflow
ā per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ š Social ]=-
ā Twitter: https://twitter.com/LiveOverflow/
ā Website: https://liveoverflow.com/
ā Subreddit: https://www.reddit.com/r/LiveOverflow/
ā Facebook: https://www.facebook.com/LiveOverflow/