Skip to content
Advertisement

Decode constructor arguments in solidity

I playing Ethernaut Level 8. The goal is to get access to the private password state variable and unlock the contract.

I know one could use await contract.unlock(await web3.eth.getStorageAt(contract.address, 1));, but I want to find the password decoding the input data of the contract creation. Here is the contract.

I tried await contract.unlock("f94b476063b6379a3c8b6c836efb8b3e10ede188") but that didn’t work.

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) public {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

Advertisement

Answer

If the contract is verified, it is possible to go to the contract section, scroll down to Contract Creation Code and read the last 32 bytes (64 characters of the bytecode) which in this case is 0x412076657279207374726f6e67207365637265742070617373776f7264203a29.

it is 32 bytes because the password state variable is declared like this:

bytes32 private password;

To solve the challenge type:

await contract.unlock("0x412076657279207374726f6e67207365637265742070617373776f7264203a29")
User contributions licensed under: CC BY-SA
1 People found this is helpful
Advertisement