Emanuele Ricci

EVM Puzzle 2 solution

This is Part 2 of the “Let’s play EVM Puzzles” series, where I will explain how to solve each puzzle challenge.

EVM Puzzles is a project developed by Franco Victorio (@fvictorio_nan) that is a perfect fit if you are learning how the Ethereum Virtual Machine (EVM) works and want to apply the knowledge you have just acquired.

EVM Puzzle 2

00      34      CALLVALUE
01      38      CODESIZE
02      03      SUB
03      56      JUMP
04      FD      REVERT
05      FD      REVERT
06      5B      JUMPDEST
07      00      STOP
08      FD      REVERT
09      FD      REVERT

The problem is similar to the [[Puzzle 1]] challenge: we need to find a way to have the correct value on top of the EVM stack when the JUMP opcode is executed. The only valid jump target in this code is the JUMPDEST at offset 6, so the value on top of the stack when JUMP runs must be 6. Any other destination makes the EVM halt with an invalid-jump error.

Let's review each operation and plan ahead

  • CALLVALUE, as we know from the previous challenge, pushes msg.value (in wei) onto the stack
  • CODESIZE pushes the size of the currently executing contract's code, in bytes, onto the stack
  • SUB pops two values from the stack, a (the top, position 0) and b (position 1), and pushes a - b back onto the stack (modulo 2^256, so subtracting a larger value from a smaller one wraps around)

This would be the stack right before the SUB opcode executes:

POSITION VALUE REASON
#0 a = CODESIZE pushed by CODESIZE (pushed last, so it is on top)
#1 b = CALLVALUE pushed by CALLVALUE (pushed first)

After SUB the stack holds the single value a - b, that is CODESIZE - CALLVALUE. It's important to remember that the EVM stack is LIFO (last in, first out): CODESIZE was pushed last, so it is the value SUB pops first and it becomes the left operand of the subtraction.

Solution

The contract code is nothing more than the ordered list of opcodes that will be executed by the EVM. Each opcode is 1 byte, and this puzzle contains no PUSH instructions (which would be followed by extra immediate-data bytes), so the code is exactly 10 bytes long and CODESIZE pushes the value 0x0A (10 in decimal) onto the stack.

To have 6 as the result of SUB we need CALLVALUE to push the value 4 onto the stack, since 10 - 4 = 6, which makes JUMP move the program counter to offset 6 of our code, where the JUMPDEST sits. In other words, the puzzle is solved by calling the contract with a msg.value of 4 wei. Any other value lands on a byte that is not a JUMPDEST (offsets 4, 5, 8 and 9 are REVERT, the rest are not valid targets) and the call fails.
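The stack walk above can be checked mechanically. The following is an added example, not code from the EVM Puzzles repository or from this post's author: a tiny Python interpreter for just the opcodes this puzzle uses (plus PUSH1..PUSH32 and JUMPI, so it generalises to the next puzzles), with the same JUMPDEST rule the real EVM applies, namely that a 0x5B byte inside a PUSH immediate is not a valid jump target. The opcode values are the standard EVM ones; the `PUZZLE_2` constant is the 10 bytes listed above, and `PUSH_TRAP` is a constructed snippet used only to show the immediate-data caveat. `solve` brute-forces the msg.value that makes the code reach STOP.

```python
from __future__ import annotations

# Standard EVM opcode values (Yellow Paper / evm.codes).
STOP, SUB, CALLVALUE, CODESIZE = 0x00, 0x03, 0x34, 0x38
JUMP, JUMPI, JUMPDEST, REVERT = 0x56, 0x57, 0x5B, 0xFD
PUSH1, PUSH32 = 0x60, 0x7F
MOD = 2**256  # EVM words are 256-bit, arithmetic wraps

# The puzzle bytecode exactly as listed above: 34 38 03 56 FD FD 5B 00 FD FD.
PUZZLE_2 = bytes.fromhex("34380356fdfd5b00fdfd")

# Constructed (hypothetical) snippet: PUSH1 0x5B; PUSH1 0x01; JUMP.
# The 0x5B at offset 1 is PUSH immediate data, NOT a JUMPDEST, so the jump is invalid.
PUSH_TRAP = bytes.fromhex("605b600156")


def valid_jumpdests(code: bytes) -> set[int]:
    """JUMPDEST analysis: walk the code skipping PUSH immediates, so that
    only 0x5B bytes that are real instructions count as jump targets."""
    dests: set[int] = set()
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == JUMPDEST:
            dests.add(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the immediate bytes
        pc += 1
    return dests


def run(code: bytes, callvalue: int) -> tuple[str, list[int]]:
    """Execute `code` with the given msg.value.
    Returns (halt_reason, final_stack); halt_reason is 'stop', 'revert' or
    'invalid' (bad jump destination, stack underflow or unsupported opcode).
    REVERT is modelled as a plain halt: it would normally pop offset/size,
    but for the puzzle only the success/failure outcome matters."""
    dests = valid_jumpdests(code)
    stack: list[int] = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == STOP:
            return "stop", stack
        if op == REVERT:
            return "revert", stack
        if op == CALLVALUE:
            stack.append(callvalue)
        elif op == CODESIZE:
            stack.append(len(code))
        elif PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            stack.append(int.from_bytes(code[pc + 1 : pc + 1 + n], "big"))
            pc += n
        elif op == SUB:
            if len(stack) < 2:
                return "invalid", stack
            a, b = stack.pop(), stack.pop()  # a = top of stack (pushed last)
            stack.append((a - b) % MOD)
        elif op == JUMP:
            if not stack:
                return "invalid", stack
            dest = stack.pop()
            if dest not in dests:
                return "invalid", stack
            pc = dest
            continue
        elif op == JUMPI:
            if len(stack) < 2:
                return "invalid", stack
            dest, cond = stack.pop(), stack.pop()
            if cond != 0:
                if dest not in dests:
                    return "invalid", stack
                pc = dest
                continue
        elif op == JUMPDEST:
            pass  # no-op marker
        else:
            return "invalid", stack
        pc += 1
    return "stop", stack  # running off the end of code behaves like STOP


def solve(code: bytes, max_value: int = 256) -> int | None:
    """Smallest msg.value (in wei) for which the code halts with STOP."""
    for value in range(max_value):
        if run(code, value)[0] == "stop":
            return value
    return None


if __name__ == "__main__":
    print("valid JUMPDESTs:", sorted(valid_jumpdests(PUZZLE_2)))  # [6]
    print("solution msg.value:", solve(PUZZLE_2))  # 4
```

Running `solve(PUZZLE_2)` returns 4, matching the hand derivation (10 - 4 = 6). Values such as 0 or 6 make JUMP target offsets 10 and 4, neither of which is a JUMPDEST, so the interpreter reports an invalid jump rather than a clean STOP.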

Here's the link to the solution of Puzzle 2 on EVM Codes website to simulate it.