
Practical Solidity Experiment #21 (Ethernaut – DoubleEntryPoint)

Do you know the offset of a parameter in the external function’s calldata area?

To read a parameter directly from calldata, you need to know its offset, and that means understanding how calldata is laid out.
Calldata is a non-modifiable, non-persistent area where function arguments are stored, and behaves mostly like memory.
In other words, it holds the ABI-encoded function data.
So what are the encoding rules?
The Contract ABI specification describes it as follows:

The Contract Application Binary Interface (ABI) is the standard way to interact with contracts in the Ethereum ecosystem, both from outside the blockchain and for contract-to-contract interaction. Data is encoded according to its type, as described in this specification. The encoding is not self describing and thus requires a schema in order to decode.

We assume the interface functions of a contract are strongly typed, known at compilation time and static. We assume that all contracts will have the interface definitions of any contracts they call available at compile-time.

Once you understand how function parameters are encoded, you can work out the offset of the data you want in calldata.
Here is a good Solidity wargame inspired by Ethernaut.
It lets you practice calldata layout and teaches you how to write a Forta bot to prevent exploits.

https://github.com/maAPPsDEV/double-entry-point-attack
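To make the offset arithmetic concrete, here is an added example (not code from the wargame repository) that builds calldata by hand using the ABI head/tail rules and locates a parameter nested inside a `bytes` argument. It assumes the call shape a DoubleEntryPoint detection bot sees, an outer `(address, bytes)` call whose `bytes` payload wraps an inner `(address, uint256, address)` call; the helper names, addresses and 4-byte selectors are constructed placeholders.

```python
WORD = 32  # ABI word size in bytes

def pad32(raw: bytes) -> bytes:
    return raw.rjust(WORD, b"\x00")

def encode_call(selector: bytes, args: list) -> bytes:
    """Head/tail ABI encoding for (type, value) pairs: address, uint256, bytes."""
    head, tail, head_size = b"", b"", WORD * len(args)
    for typ, val in args:
        if typ == "address":
            head += pad32(bytes.fromhex(val[2:]))
        elif typ == "uint256":
            head += val.to_bytes(WORD, "big")
        elif typ == "bytes":  # dynamic: head word is the offset of the tail entry
            head += (head_size + len(tail)).to_bytes(WORD, "big")
            tail += len(val).to_bytes(WORD, "big") + val + b"\x00" * (-len(val) % WORD)
        else:
            raise ValueError(f"unsupported type: {typ}")
    return selector + head + tail

def read_word(calldata: bytes, offset: int) -> bytes:
    """Mirror of calldataload(offset): 32 bytes, zero-padded past the end."""
    return calldata[offset:offset + WORD].ljust(WORD, b"\x00")

def nested_arg_offset(calldata: bytes, bytes_index: int, inner_index: int) -> int:
    """Absolute offset of static argument `inner_index` of the call wrapped
    in the outer call's `bytes` argument number `bytes_index`."""
    rel = int.from_bytes(read_word(calldata, 4 + WORD * bytes_index), "big")
    length = int.from_bytes(read_word(calldata, 4 + rel), "big")
    data_start = 4 + rel + WORD  # selector + offset + length word
    if data_start + length > len(calldata):
        raise ValueError("bytes payload runs past the end of calldata")
    offset = data_start + 4 + WORD * inner_index  # skip the inner selector
    if offset + WORD > data_start + length:
        raise ValueError("inner argument lies outside the bytes payload")
    return offset

# Constructed sample values; the selectors are placeholders, not real hashes.
USER, TO, ORIG = ("0x" + b * 20 for b in ("11", "22", "33"))
inner = encode_call(b"\xbb" * 4, [("address", TO), ("uint256", 100), ("address", ORIG)])
outer = encode_call(b"\xaa" * 4, [("address", USER), ("bytes", inner)])
OFFSET = nested_arg_offset(outer, 1, 2)

if __name__ == "__main__":
    print(hex(OFFSET), read_word(outer, OFFSET)[12:].hex())
```

The two bounds checks matter in a detection bot: a raw `calldataload` at a fixed offset silently returns zero-padded data when the payload is shorter than expected.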
