This is Part 2 of the “Let’s play EVM Puzzles” series, where I will explain how to solve each puzzle challenge.
EVM Puzzles is a project developed by Franco Victorio (@fvictorio_nan) that is a perfect fit if you are in the process of learning how the Ethereum EVM works, and you want to apply some of the knowledge you have just acquired.
EVM Puzzle 2
00 34 CALLVALUE
01 38 CODESIZE
02 03 SUB
03 56 JUMP
04 FD REVERT
05 FD REVERT
06 5B JUMPDEST
07 00 STOP
08 FD REVERT
09 FD REVERT
The problem is similar to the Puzzle 1 challenge, where we need to find a way to have in the EVM Stack the correct value when the JUMP
opcode is executed. We need to have into the stack the value 6
to land in a valid JUMPDEST
opcode.
Let’s review each operation and plan ahead
CALLVALUE
as we know from the previous, challenge will push themsg.value
(inwei
) to the stack- CODESIZE push into the stack the contract’s code size in
bytes
- SUB pop two values from the stack, subtract V1 (position 1 in the stack) from V0 (position 0 in the stack), pushing the result of the operation into the stack
This would be the stack before the SUB
opcode:
| POSITION | VALUE | REASON |
| — — — — — | — — — — | — — — - - - - - - - - |
| #0 | V1 | pushed by `CODESIZE` |
| #1 | V0 | pushed by `CALLVALUE` |
After `SUB` the stack would have the value V0-V1
(CODESIZE — CALLVALUE
). It’s important to remember that the EVM Stack operates as a LIFO (last in, first out) queue.
Solution
The contract code is nothing more than the ordered list of Opcodes that will be executed by the EVM. Each opcode is 1 byte
so CODESIZE
op will push the value 0x0A
to the stack (hex conversion of 10 in decimal).
To have 6
as the result of SUB
we need CALLVALUE
to push the value 4
into the Stack to make JUMP
the PC
jump to the sixth position of our code.
Here’s the link to the solution of Puzzle 2 on EVM Codes website to simulate it.