Today we are going to solve the last blockchain challenge from the Cyber Apocalypse 2023 hackathon.

Summary: to complete this challenge you need to create a smart contract that interacts with the target through its external function.

Challenge :

image

OK, let's download the files and get the information from the Docker instance:

image

There are two files :

Setup.sol

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.18;

import {HighSecurityGate} from "./FortifiedPerimeter.sol";

contract Setup {
    HighSecurityGate public immutable TARGET;

    constructor() {
        TARGET = new HighSecurityGate();
    }

    function isSolved() public view returns (bool) {
        return TARGET.strcmp(TARGET.lastEntrant(), "Pandora");
    }
}

FortifiedPerimeter.sol

pragma solidity ^0.8.18;


interface Entrant {
    function name() external returns (string memory);
}

contract HighSecurityGate {
    
    string[] private authorized = ["Orion", "Nova", "Eclipse"];
    string public lastEntrant;

    function enter() external {
        Entrant _entrant = Entrant(msg.sender);

        require(_isAuthorized(_entrant.name()), "Intruder detected");
        lastEntrant = _entrant.name();
    }

    function _isAuthorized(string memory _user) private view returns (bool){
        for (uint i; i < authorized.length; i++){
            if (strcmp(_user, authorized[i])){
                return true;
            }
        }
        return false;
    }

    function strcmp(string memory _str1, string memory _str2) public pure returns (bool){
        return keccak256(abi.encodePacked(_str1)) == keccak256(abi.encodePacked(_str2)); 
    }
}

Let's go to the Remix IDE and paste in the target smart contract to see how it works and what we need to do to bypass the security.

First of all, we need to understand what Setup.sol requires to solve the challenge:

image

OK, now let's look at the target smart contract, in this case FortifiedPerimeter.sol:

image

So to solve this we need to bypass the enter function and register ourselves as Pandora, but how can we do that?

To do that, you need to understand the interface and the external function it declares.

An external function can only be called from outside the contract. This means that if we compile this smart contract and call the enter function without doing anything else, it reverts with an error, because nothing on the calling side implements the name function declared in the interface, so no value is returned.

So solving this is going to be a little more difficult than the other challenges, because we need to create a smart contract that interacts with the target and modifies the name function to bypass the enter function's flow.

Let me show you my attack smart contract and explain it; here is a simple screenshot of the attack contract:

Attack.sol

image

OK, let me explain how it works; it is quite simple: image

Let's go deeper into the flow: image

So when the flow is called in the target smart contract, in this case “FortifiedPerimeter”, we can bypass the whitelist and run the enter function. Let me draw it:

image

And that's it, so let's deploy the smart contracts and see what happens after the attack:

  • Creating the attack smart contract: image

  • Running the attack function: image

  • Result of the attack:

image

So all is done; now just connect to the Docker instance and claim the flag :) : image
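
The root cause visible in FortifiedPerimeter.sol is that enter() calls name() on the caller twice, once for the whitelist check and once for the value it stores, and an external non-view function is free to answer differently each time. The following is an added example, not the challenge's or the author's code: a hardened gate that reads the name once, plus a constructed test entrant to check it. HardenedGate, IGate and TwoFacedEntrant are hypothetical names.

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.18;

interface Entrant {
    function name() external returns (string memory);
}

interface IGate {
    function enter() external;
}

// Hardened variant (hypothetical name): the untrusted callback is invoked
// exactly once, and the value that was checked is the value that is stored.
contract HardenedGate is IGate {
    string[] private authorized = ["Orion", "Nova", "Eclipse"];
    string public lastEntrant;

    function enter() external override {
        // Single external call; the result is cached in memory.
        string memory entrantName = Entrant(msg.sender).name();
        require(_isAuthorized(entrantName), "Intruder detected");
        lastEntrant = entrantName;
    }

    function _isAuthorized(string memory _user) private view returns (bool) {
        bytes32 h = keccak256(abi.encodePacked(_user));
        for (uint i; i < authorized.length; i++) {
            if (h == keccak256(abi.encodePacked(authorized[i]))) return true;
        }
        return false;
    }
}

// Constructed test entrant: answers "Orion" on its first name() call and
// "Pandora" on every later call, the inconsistency the original enter() trusts.
contract TwoFacedEntrant is Entrant {
    uint256 private calls;

    function name() external override returns (string memory) {
        calls++;
        if (calls == 1) return "Orion";
        return "Pandora";
    }

    function tryEnter(IGate gate) external {
        // Against HardenedGate the first call stores "Orion"; any later call
        // reverts with "Intruder detected". "Pandora" is never stored.
        gate.enter();
    }
}
```

Deployed in Remix, calling tryEnter with the HardenedGate address leaves lastEntrant as "Orion", so a check like Setup.isSolved() would stay false.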