What Ethereum Smart Contract Hacking Looks Like

In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected.
This was a challenge called `Montagy` from the Real World CTF 2019 competition.
Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.

More Ethereum hacking:
- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: https://www.youtube.com/watch?v=ozqOlUVKL1s
- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: https://www.youtube.com/watch?v=RfL3FcnVbJg
- Ethereum Smart Contract Backdoored Using Malicious Constructor: https://www.youtube.com/watch?v=WP-EnGhIYEc

00:00:00 - Backstory
00:03:58 - Smart Contract Challenge Overview
00:20:17 - Blockchain Transaction Investigation
00:22:13 - Rough Plan & Research Setup
00:34:27 - Looking more into the Contracts
00:41:18 - Debugging with remix
01:08:43 - What we learned so far
01:09:31 - Researching custom hash
01:34:26 - Breaking hash algorithm with z3
02:02:37 - Realizing winning condition is different...
02:03:20 - Developing exploit pwn.js
02:15:10 - Exploit doesn't work... debugging.
02:31:30 - Exploit finally works
02:33:55 - Sending Exploit to the Team in China
02:35:05 - The Flag
02:36:10 - Opinion and Conclusion

Video "What Ethereum Smart Contract Hacking Looks Like" from the LiveOverflow channel
Video information
September 12, 2021, 20:00:10
02:38:42