2021-09-12

[public] 48.4K views, 6.90K likes, 23.0 dislikes audio only

LiveOverflow

In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected.

This was a challenge called `Montagy` from the Real World CTF 2019 competition.

Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.

More Ethereum hacking:

- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: /youtube/video/ozqOlUVKL1s

- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: /youtube/video/RfL3FcnVbJg

- Ethereum Smart Contract Backdoored Using Malicious Constructor:

/youtube/video/WP-EnGhIYEc

00:00:00 - Backstory

00:03:58 - Smart Contract Challenge Overview

00:20:17 - Blockchain Transaction Investigation

00:22:13 - Rough Plan & Research Setup

00:34:27 - Looking more into the Contracts

00:41:18 - Debugging with remix

01:08:43 - What we learned so far

01:09:31 - Researching custom hash

01:34:26 - Breaking hash algorithm with z3

02:02:37 - Realizing winning condition is different...

02:03:20 - Developing exploit pwn.js

02:15:10 - Exploit doesn't work... debugging.

02:31:30 - Exploit finally works

02:33:55 - Sending Exploit to the Team in China

02:35:05 - The Flag

02:36:10 - Opinion and Conclusion

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Website: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/