Description:
“You are a magician. Just wave your wand and magically bypass the password required to mint these NFTs.”
How to Submit a Solution:
Use the below submission form to submit the solution: https://quillaudits.typeform.com/QuillCTF
Objective of CTF
Retrieve the password from IPassManager and mint at least 10 NFTs.
Note: You can create POCs using Foundry/Hardhat. Submissions without a proper POC will not be accepted.
Contract Code:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {ERC721} from "lib/openzeppelin-contracts/contracts/token/ERC721/ERC721.sol";
/// @notice Password check consulted by GoldNFT before it mints.
/// @dev Only the signature is given on this page. `read` is not declared `view`,
///      so a call to it is a regular, potentially state-changing external call.
///      NOTE(review): the implementation is not shown; if it keeps the password in
///      contract storage, that value is readable by anyone regardless of Solidity
///      visibility. Confirm against the deployed contract.
interface IPassManager {
    /// @param password Candidate password supplied by the caller.
    /// @return True when the implementation accepts `password`.
    function read(bytes32 password) external returns (bool);
}
/// @title GoldNFT
/// @notice ERC721 whose only mint path, takeONEnft, is gated by an external password check.
/// @dev Challenge target; the code is left exactly as published and only annotated.
contract GoldNFT is ERC721("GoldNFT", "GoldNFT") {
// Most recently issued token id; incremented before each mint, so ids start at 1.
uint lastTokenId;
// A single contract-wide flag, not a per-address record: once it is set, every
// later caller hits the "already minted" revert.
bool minted;
/// @notice Mints one token to the caller when the pass manager accepts `password`.
/// @param password Value forwarded unchanged to IPassManager.read.
/// @dev Reverts with "wrong pass" when read() returns false, and with
///      "already minted" when the `minted` flag is already set.
function takeONEnft(bytes32 password) external {
// External call to a hard-coded address. `password` is passed in calldata,
// which is publicly visible on chain once the transaction is broadcast.
require(
IPassManager(0xe43029d90B47Dd47611BAd91f24F87Bc9a03AEC2).read(
password
),
"wrong pass"
);
if (!minted) {
lastTokenId++;
// NOTE(review): _safeMint invokes the recipient's onERC721Received hook when
// msg.sender is a contract, and `minted` is only written on the line after it.
// Under checks-effects-interactions the flag would be set before this call.
_safeMint(msg.sender, lastTokenId);
minted = true;
} else revert("already minted");
}
}
Foundry setUp:
This challenge involves interacting with an on-chain contract deployed on the Goerli Testnet. Therefore, we need to fork the Goerli chain to run tests.
// SPDX-License-Identifier: MIT
pragma solidity 0.8.7;
import "forge-std/Test.sol";
import "../src/GoldNFT.sol";
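/// @title Hack
/// @notice Foundry test scaffold for the GoldNFT challenge; the solver fills in the
///         body of test_Attack.
contract Hack is Test {
    // Challenge target, deployed fresh in setUp.
    GoldNFT nft;
    // HackGoldNft is not defined on this page; the solver supplies it with the solution.
    HackGoldNft nftHack;
    address owner = makeAddr("owner");
    address hacker = makeAddr("hacker");

    /// @dev Forks Goerli at a pinned block so the test is reproducible and the
    ///      pass-manager address hard-coded in GoldNFT refers to the deployed
    ///      contract, then deploys a new GoldNFT on the fork.
    function setUp() external {
        // "goerli" must resolve to an RPC endpoint (an alias under [rpc_endpoints]
        // in foundry.toml, or a URL).
        vm.createSelectFork("goerli", 8591866);
        nft = new GoldNFT();
    }

    /// @dev Passes once `hacker` holds the number of tokens the objective asks for.
    function test_Attack() public {
        vm.startPrank(hacker);
        // solution
        // The stated objective is "at least 10 NFTs", so compare with >= rather
        // than requiring exactly 10.
        assertGe(nft.balanceOf(hacker), 10);
    }
}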