EVM Puzzles Challenge 4 · A Sphynx Cat's Blog

Challenge:

Our fourth challenge is located in /puzzles/puzzle_4.json. Challenge 4 contains the following:

{
  "code": "34381856FDFDFDFDFDFD5B00",
  "askForValue": true,
  "askForData": false
}

Hint 1:

The corresponding EVM opcodes are:

CALLVALUE	
CODESIZE	
XOR	
JUMP	
REVERT	
REVERT	
REVERT	
REVERT	
REVERT	
REVERT	
JUMPDEST	
STOP

Hint 2:

CALLVALUE takes the value of the current call in wei
and places it on top of the stack. 
CODESIZE takes the size of the code 
and places it on the top of the stack.
XOR performs a bitwise xor on the top 2
values on the stack and pushes the result
to the top of the stack.


How can we JUMP over the 6 REVERT 
opcodes and land on the JUMPDEST?

Hint 3:

The CODESIZE is 12 or c in Hex


1  2  3  4  5  6  7  8  9  a  b  c
34 38 18 56 FD FD FD FD FD FD 5B 00

Hint 4:

X ^ 0x0C = JUMPDEST offset

Solve for X

Hint 5:

CALLVALUE  //Offset 0
CODESIZE   //Offset 1
XOR        //Offset 2
JUMP       //Offset 3
REVERT     //Offset 4
REVERT     //Offset 5	
REVERT     //Offset 6	
REVERT     //Offset 7	
REVERT     //Offset 8	
REVERT     //Offset 9	
JUMPDEST   //Offset a	
STOP       //Offset b

Solution:

To solve this level, we just need to pass in a value of 6 
wei. This way CALLVALUE places 6 on the top of the stack.
CODESIZE will then push 'c' to the top of the stack. 
XOR will perform 6 ^ 'c' and push 'a' to the top of the stack 
and JUMP performs a valid jump over the REVERT calls to JUMPDEST.

Challenge:

Related Posts

More EVM Puzzles Part 2 22 Sep 2022

More EVM Puzzles Part 1 20 Sep 2022

Paradigm CTF 2021: bouncer 07 Aug 2022