Challenge 9 - forge questions (SPOILERS!!!!)

[RichardPalladino]

I'm attempting to use a forge script to solve the challenge, but it keeps failing.

For example, I have an interface to the challenge contract and the following function to attempt to solve the challenge:

    function solveChallenge(address _challengeAddress) public {
        console.log("Attempting to solve challenge on blockchain # %s", block.chainid);

            console.log("Current address: %s", msg.sender);
            console.log("Challenge address: %s", _challengeAddress);
            uint256 guess = uint256(keccak256(abi.encodePacked(msg.sender, block.prevrandao, block.timestamp))) % 100000;
            console.log("Guess: %s", guess);
            Challenge challenge = Challenge(_challengeAddress);
            challenge.solveChallenge(guess, "0xPallad1n0");
    }

I can see that msg.sender in the script itself is correct, but do scripts work like a regular deployed contract where the msg.sender becomes tx.origin when calling the challenge contract?

If so, are there any Foundry/forge cheatcodes or techniques so my actual wallet address is set as msg.sender when solving the challenge?

[Jaseempk]

Hey, have you tried using vm.prank() function?
I think it can specify the address you specify as msg.sender

[RichardPalladino]

Yes. Tried that. It gave me an error when I placed it within a vm.startBroadcast() stanza.

[RichardPalladino]

To be a little more clear:

A single private key may use many active public addresses that it signs for. How do I run operations as one public address or another within a script, while operating and broadcasting to a live public chain (i.e., not a fork, though I'd also want to know how to do this on a fork).

[RichardPalladino]

Am I wrong in observing that there has been no successful challenge 9 solution?

I look on Sepolia etherscan and arbiscan and it appears all transactions are failed / reverted.

[asobiesk]

Transactions are only interactions with the human-managed accounts, not smart contracts. So, no successful transactions in etherscan means that no one has solved the challenge using a transaction from their account. People could still solve it using a smart contract and it will not be visible there since those are calls, not transactions.

[RichardPalladino]

Cool. I reviewed the twitter bot though and it seems like no one has done it yet. (At least not since the bot was deployed.)

[john-lawniczak]

Richard, do you have a link to the twitter bot?

Thanks

[0xSimeon]

IIRC, @PatrickAlphaC posted that someone has solved all 15 challenges. That was like a week after the course went live.

[john-lawniczak]

You can see all token holders. However, this contract is particular in that he said it can be solved without deploying a new contract. This is for Sepolia obviously, and not Arbitrum.

[asobiesk]

I think what you are trying to do is to force your contract to solve the challenge pretending to be your account, so that the reward NFT will be sent to your account. You can't do that. The msg.sender will always be the address of your contract calling the solveChallenge() function.

There is however a way to solve the challenge using a contract and still receive the NFT to your specified account. Here's a hint: If your contract will indisputably be the msg.sender in solveChallenge() function, it will be the one to receive NFT. Can you then maybe make your contract transfer the token to your account upon receiving it...?

[RichardPalladino]

Of course. And that's one way to do it. But Patrick said there was another way and I'm trying to figure out how to use Foundry's tools to do it without deploying a contract.

This question isn't just to solve the problem. I'm trying to learn the tools so I can get better at debugging deployed/live contracts and also so I can work on smart contract security better.

[asobiesk]

Got you. I think Patrick mentioned it's possible to solve the challenge with cast. I don't know how to do it though. I think that if anyone would have solved it with cast already, it would appear as a transaction on Etherscan. But if I'm wrong and there is someone here who figured that out, please share some hints with us, I'm really curious how to do it as well.

[Ynyesto]

But why can't you do that? Can't it be done with vm.startBroadcast(vm.envUint("PRIVATE_KEY")), as seen in lesson 9?? I don't get it 😑

[shrutic11]

Try using the following:
vm.prank(your_address);
vm.startPrank(your_address) to start sending transactions as the new user and by vm.stopPrank(); to stop sending those transactions.
These should not necessarily be used within the broadcast, rather before calling the broadcast.
vm.startBroadcast(); / vm.stopBroadcast (); should wrap the contract deployment and payable transactions.

Please share more details on the error to help you better.

Check the following links as well:
https://book.getfoundry.sh/cheatcodes/broadcast?highlight=broadcast#broadcast
https://book.getfoundry.sh/cheatcodes/prank?highlight=prank#prank

[RichardPalladino]

I'll try that in a bit. Nice thought.

[john-lawniczak]

I've been looking at this contract for some time to try and solve it without deploying an attack contract. I believe it (obviously) has to do with abi-decoding "correctAnswer" and the opcodes.

uint256 correctAnswer =
            uint256(keccak256(abi.encodePacked(msg.sender, block.prevrandao, block.timestamp))) % 100000;

We have the contract ABI, the deployed bytecode, and the block info. We know the msg.sender and the block.timestamp, so we need the block.prevrandao. I've been looking at the block.prevrandao EIP-4399 opcode; there seems to be something about the most recent block or parent block and finding the random number that way.

As of EVM < Paris block.prevrandao has deprecated ; it's now block.difficulty (uint)

block.prevrandao (uint): random number provided by the beacon chain (EVM >= Paris) (see [EIP-4399]

Revisiting: Using only Foundry, I think it's just a long intricate cast call which would be several lines long, including abi.encodepacked and a reference to the erc721 interface.

[RichardPalladino]

I don't think it has to do with correctAnswer directly. We have to provide the value of correctAnswer, which is uint256(keccak256(abi.encodePacked(msg.sender, block.prevrandao, block.timestamp))) % 100000.

How do we calculate the keccak256 value of the abi.encodePacked output msg.sender, block.prevrandao, and block.timestamp? Each of those change depending on time and msg.sender making the call. I haven't figured out how to pipe all those base factors into abi.encodePacked and then pipe that into keccak256 to make a cast call.

[john-lawniczak]

Yeah it's definitely tricky.

We could also try comparing the hash outputs and see if they're similar. Patrick uses a variation of asserting strings in Lesson 11 here.

I haven't spent much more time on the pure Foundry implementation though.

[0xshivay]

Although I have not solved it, but I have come close to solving it without deploying the contract.

We can use $(command) in linux terminal to insert the output of one command into another command. So we can do something like this

cast to-hex $(cast block latest --field timestamp --rpc-url $SEPOLIA_RPC_URL)

This command will first query and output the latest block's timestamp and then convert it into hex.

We can make similar commands for the rest of the uint256(keccak256(abi.encodePacked(msg.sender, block.prevrandao, block.timestamp))) % 100000 to input the final uint256 in contract with cast send.

I have also made the entire command to do so. But I am stuck at the final step. When I try to call the contract locally using the command line via cast call , it is executing correctly. But, once I call it via cast send with same command, it is reverting. Can someone tell why this is happening?

[Ynyesto]

Interesting!! I have no idea why it may not be working but props for getting this far! Keep us posted! :-)

[tbrannt]

I just solved this challenge with cast send. It was pretty hard. Didn't expect that given all challenges before (1-8) were pretty simple. So if someone has specific questions, I can give some hints

[tbrannt]

I'll get the data from the latest block and try to include the transaction in the very next block after that. That's why I needed the tool because it needs to be fast.
For a high chance to get into the next block include a sufficient fee. It's well doable on sepolia but I needed a handful of runs until it worked

[EngrPips]

Basically, you are using the block number of the current block in calculating the prevrando so as to use it in the next block and the transaction execution must not exceed the next block.

[ICREE8]

Friday 10:34 pm and yes, I am also going down this rabbit hole - don't mind me guys

[jtordgeman]

If its any consolation @ICREE8 im still down this rabbit hole.. havent figured out how to calculate that damn prevrando just yet...

[EngrPips]

Rabbit holes can be infinitely deep at times.