Ethernaut(Lvl 17 ): Recover lost tokens
Find whats lost on the blockchain.
Table of contents
It's not uncommon for Solidity developers to encounter the challenge of misplacing the address of a newly created contract. This oversight can lead to frustration, especially when compounded by the loss of transaction receipts and other methods of tracing one's actions.
In such situations, it's essential to have alternative methods for retrieving the contract address. One approach involves examining the raw sender information associated with the transaction that deployed the contract. By delving into the details of the transaction, including sender addresses and transaction hashes, developers can often locate the contract address.
Another method involves leveraging external blockchain explorers such as Etherscan. These platforms provide comprehensive blockchain data, including transaction details and contract addresses. By searching for the transaction hash associated with the contract deployment, developers can quickly retrieve the contract address from platforms like Etherscan.
The Challenge
The challenge involves a very simple token factory contract. Anyone can create new tokens with ease. After deploying the first token contract, the creator sent 0.001
ether to obtain more tokens. They have since lost the contract address.
This level will be completed if you can recover the 0.001
ether from the lost contract address.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract Recovery {
//generate tokens
function generateToken(string memory _name, uint256 _initialSupply) public {
new SimpleToken(_name, msg.sender, _initialSupply);
}
}
contract SimpleToken {
string public name;
mapping (address => uint) public balances;
// constructor
constructor(string memory _name, address _creator, uint256 _initialSupply) {
name = _name;
balances[_creator] = _initialSupply;
}
// collect ether in return for tokens
receive() external payable {
balances[msg.sender] = msg.value * 10;
}
// allow transfers of tokens
function transfer(address _to, uint _amount) public {
require(balances[msg.sender] >= _amount);
balances[msg.sender] = balances[msg.sender] - _amount;
balances[_to] = _amount;
}
// clean up after ourselves
function destroy(address payable _to) public {
selfdestruct(_to);
}
}
We would be solving this contract by employing the second method listed earlier .
It is a quicker method of obtaining the new contract address from the creator, Etherscan provides a straightforward solution.
Navigate to Etherscan and search for your current contract by its address.
Within the Internal Txns tab of your contract's page, locate the most recent contract creation transaction.
Click on the corresponding link to access the details of the new contract created.
Upon accessing the details of the new contract, you will find the new contract address displayed prominently at the top left-hand corner of the page.
Get the address of the contract creator Recovery.sol in the console via
instance
In Remix Injected Web3, retrieve
SimpleToken.sol
by its address. Remember the contract has to be pasted in remix so its ABI is generated.Invoke
destroy(YOUR_WALLET_ADDR)
to withdraw the remaining0.001
ethers. As we learned earlier, selfdestruct will forward all remaining funds prior to destroying this contract.
Developer TidBits
It's important to note that anonymity on the Ethereum blockchain is limited. Transaction traces and contract addresses can be publicly accessed and monitored by anyone. By analyzing these transaction patterns and monitoring future contract addresses, individuals can potentially uncover the real-world identity of Ethereum users. This level of transparency raises privacy concerns and underscores the importance of implementing robust security measures and adhering to regulatory standards to prevent illicit activities and ensure the integrity of the blockchain ecosystem.