The level URL is https://ethernaut.openzeppelin.com/level/28
It seems to me that the auto-generated external view function allow_entrance()
can not be called.
Executing await contract.allow_entrance()
would result in an error.
The contract GatekeeperThree definitely has a function called allow_entrance()
contract GatekeeperThree {
address public owner;
address public entrant;
bool public allow_entrance;
SimpleTrick public trick;
......
}
I believe the methodID for allow_entrance
should be 0x33c13786
as
web3.utils.keccak256('allow_entrance()').slice(0, 10)
'0x33c13786'
However, by decompiling the contract with panoramix, it shows me that the method has a different methodID (0x0e6e4b14)
def storage:
owner is address at storage 0
unknown0e6e4b14 is uint8 at storage 1 offset 160
entrant is address at storage 1
stor1 is uint256 at storage 1
trickAddress is address at storage 2
def unknown0e6e4b14(): # not payable
return bool(unknown0e6e4b14)
def trick(): # not payable
return trickAddress
def owner(): # not payable
return owner
def entrant(): # not payable
return entrant
unknown0e6e4b14
is the only uint8 in the contract storage, so it must be the variable allow_entrance
.
If my analysis is correct, the method name for allow_entrance
must be incorrect, but I don't know what method name resulted in this wrong methodID 0x0e6e4b14