-
Notifications
You must be signed in to change notification settings - Fork 0
/
19. MagicNumber.sol
58 lines (38 loc) · 2.05 KB
/
19. MagicNumber.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
//SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract Attack {
event Log(address _addr);
function deploy() external {
bytes memory bytecode = hex"69602a60005260206000f3600052600a6016f3";
address _addr;
assembly {
_addr := create(0, add(bytecode, 0x20), 0x13) // add(...,0x20) -> 0x20 == 32 bytes that stores array's length, which we don't need; 0x13 == 19 bytes == size of bytecode
}
require(_addr != address(0));
emit Log(_addr);
}
}
/*
602a 6000 52 6020 6000 f3
69 602a60005260206000f3 6000 52 600a 6016 f3
69602a60005260206000f3600052600a6016f3
1. code that returns uint(42) == 602a60005260206000f3
602a 6000 52 6020 6000 f3:
1. 602a -> PUSH1 2a -> PUSH1 == 60, (42)_10 == (2a)_16 | we need to push 1 byte value into stack for mstore(p, v),
| where p is starting point in memory and v is what we store. Pushing in reverse order
2. 6000 -> PUSH1 00 -> 00 is 0x00 empty memory start
3. 52 -> MSTORE | stores data
4. 6020 -> (20)_16 == (32)_10 -> 32 bytes | we need to return all 32 bytes (and not 1 byte), because it safes 1 byte in 32 bytes slot (wtih first 31 bytes of zeros)
5. 6000 -> same as 2
6. f3 -> RETURN | return(p,s), where s is the length of returning data (32 bytes) and p is the starting point in memory
2. code that creates contract which returns uint(42) == 69602a60005260206000f3600052600a6016f3
69 602a60005260206000f3 6000 52 600a 6016 f3:
1. 69 -> PUSH10 | pushes 10 bytes, which is the length of the returning code above
2. 602a60005260206000f3 | the returning code, which is 10 bytes
3. 6000 52 | we store the returning code at 0x00
4. 600a -> (0a)_16 == (10)_10 -> 10 bytes
5. 6016 -> (16)_16 == (22)_10 -> 32 - 10 bytes | we only used 10 bytes for the returning code, first 22 bytes are zeros
6. f3
opcodes: https://ethervm.io/
solidity to opcode: https://www.evm.codes/playground?fork=merge
*/