EVM Puzzles from perspective of an outsider

Supragya Raj
Aug 5, 2022

Recently, I came across one of the more interesting reads, which I think will be useful for me and for many others who wish to dig deeper into the internals of the EVM and get their hands dirty.

Without boring you with detail you may not have time to read (who has?), here’s the link to get you started: https://stermi.medium.com/lets-play-evm-puzzles-learning-ethereum-evm-while-playing-43a8354a02b3.

The first puzzle

After setting up the repo locally with:

git clone https://github.com/fvictorio/evm-puzzles.git
cd evm-puzzles
npm install
npx hardhat play

We are greeted with:

############
# Puzzle 1 #
############
00 34 CALLVALUE
01 56 JUMP
02 FD REVERT
03 FD REVERT
04 FD REVERT
05 FD REVERT
06 FD REVERT
07 FD REVERT
08 5B JUMPDEST
09 00 STOP
? Enter the value to send: (0)

We begin by looking into puzzles/puzzle_1.json; the code section looks exactly like the opcodes we see in the terminal.

How should we begin interpreting this? We see addresses in the first column, the opcodes in the second (refer to https://www.evm.codes/ for opcode definitions) and the interpretation of the opcodes in the third column. The puzzle is said to be solved if we can somehow execute the bytecode with the correct inputs so that it does not revert. Hmm.

We know that 02 through 07 (addresses, first column) will make the EVM revert if executed. So, we should not hit them.

Thankfully, the first instruction is 34, a.k.a. CALLVALUE, which pushes the value sent with the call onto the stack, and the instruction just after it makes execution jump to the location it finds on top of the stack. Awesome.
How about putting 08 onto the stack using the first instruction? The second one (JUMP) picks it up and makes the EVM jump to 08, which is a JUMPDEST, and execution completes at 09.

Putting in 08 as the “value to send: (0)” seems to solve the puzzle. Hurray, with basic knowledge of how assembly works, we seem to have solved the problem.
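
The reasoning above can be checked mechanically. The following is an added example, not code from the original post or the evm-puzzles repo: a minimal interpreter for the five opcodes in the Puzzle 1 listing that tries every call value from 0 to 255 and reports which ones halt cleanly. The function names run and solve are hypothetical, and the bytecode string is assembled from the second column of the listing.

```javascript
// Added example: minimal interpreter for the five opcodes used in Puzzle 1.
const PUZZLE_1 = "3456FDFDFDFDFDFD5B00"; // second column of the listing, joined

const OP = { STOP: 0x00, CALLVALUE: 0x34, JUMP: 0x56, JUMPDEST: 0x5b, REVERT: 0xfd };

function run(hexCode, callValue) {
  const code = Buffer.from(hexCode, "hex");
  const stack = [];
  let pc = 0;
  const trace = []; // program counter values visited, in order
  while (pc < code.length) {
    const op = code[pc];
    trace.push(pc);
    switch (op) {
      case OP.CALLVALUE:
        stack.push(BigInt(callValue)); // value sent with the call
        pc += 1;
        break;
      case OP.JUMP: {
        if (stack.length === 0) return { status: "stack underflow", trace };
        const dest = stack.pop();
        // The EVM only allows jumps that land on a JUMPDEST byte.
        if (dest >= BigInt(code.length) || code[Number(dest)] !== OP.JUMPDEST)
          return { status: "invalid jump", trace };
        pc = Number(dest);
        break;
      }
      case OP.JUMPDEST: pc += 1; break;
      case OP.STOP: return { status: "stop", trace };
      case OP.REVERT: return { status: "revert", trace }; // simplified: operands not modelled
      default: return { status: "unsupported opcode", trace };
    }
  }
  return { status: "stop", trace }; // running off the end halts like STOP
}

function solve(hexCode, maxValue) {
  const winners = [];
  for (let v = 0; v <= maxValue; v++) {
    if (run(hexCode, v).status === "stop") winners.push(v);
  }
  return winners;
}

console.log(solve(PUZZLE_1, 255)); // [ 8 ]
```

Every value other than 8 fails at the JUMP itself with an invalid jump, because the destination byte is not a JUMPDEST; the REVERT bytes at 02 through 07 are never actually executed.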
