Challenge:
Our fifth challenge is located in /puzzles/puzzle_5.json. Challenge 5 contains the following:
{
"code": "34800261010014600C57FDFD5B00FDFD",
"askForValue": true,
"askForData": false
}
Hint 1:
The corresponding EVM opcodes are:
CALLVALUE
DUP1
MUL
PUSH2 0100
EQ
PUSH1 0C
JUMPI
REVERT
REVERT
JUMPDEST
STOP
REVERT
REVERT
Hint 2:
CALLVALUE takes the value of the current call in wei
and places it on top of the stack.
DUP1 duplicates the value at the top of the stack
and places the duplicate on top of the original.
MUL multiplies the values on the top of the stack
and places the result on top of the stack
PUSH2 places the next two bytes onto the stack.
EQ checks if the top two items on the stack are equal
and places a 1 on the top of the stack if they are
and a 0 if they are not.
PUSH1 places the next byte onto the stack
JUMPI conditionally jumps to the location on the top
of the stack if the second value on the stack is anything
but 0.
How can we JUMPI over the 2 REVERT
opcodes and land on the JUMPDEST?
Hint 3:
Not all of the opcodes are 1 byte this time
Hint 4:
CALLVALUE //Offset 0
DUP1 //Offset 1
MUL //Offset 2
PUSH2 0100 //Offset 3
EQ //Offset 6
PUSH1 0C //Offset 7
JUMPI //Offset 9
REVERT //Offset a
REVERT //Offset b
JUMPDEST //Offset c
STOP //Offset d
REVERT //Offset e
REVERT //Offset f
Solution:
This puzzle is basically checking if the passed in value is
the square root of 0x100 (256 in decimal)
To solve this level, we just need to pass in a value of 16
wei. This way CALLVALUE places 0x10 on the top of the stack.
DUP will then place another 0x10 on top of it in the stack.
MUL will perform 0x10 * 0x10 and push 0x100 onto the top of the stack.
PUSH2 will place 0x100 on top of the stack and EQ will check that the
top two values of the stack are the same and place 1 on top of the stack.
PUSH1 will place 0x0C on the stack which is the offset location of
our JUMPDEST.
Finally, JUMPI performs a valid jump over the REVERT calls to JUMPDEST.