Token
Contents
in this challenge we are given a simple token contract, we start with 20 tokens and our goal is to find a bug that allows us to get a large amount of tokens
Challenge Info
- Platform: Ethernaut
- Challenge: Token
- Category: Blockchain
| |
first lets check the 20 tokens we have using cast:

what this command does is simply send an eth_call which allows us to execute the view function locally in the node without spending any gas
now the description tells us to check odometer — the special thing about it is that it resets after reaching a certain max number, similar to overflows
in solidity versions before 0.8.0, overflow/underflow did happen and developers had to add custom checks or use libraries like safemath; in versions 0.8.x new opcodes have been added to arithmetic operations to prevent this
returning to the contract, the version is 0.6.0 which is vulnerable to underflow:
| |
the only check is require(balances[msg.sender] - _value >= 0) and the underflow applies here: if a contract has balance 0 and calls this with _value = 100, balances[msg.sender] - _value will be equal to type(uint256).max - 99 which is bigger than 0, so we bypass the require and get tokens without losing any
here is the solver script:
| |
executing it locally:

the exploit works fine, we just add the --broadcast flag to execute it remotely and gg the challenge is solved