damn-vulnerable-defi-foundry
damn-vulnerable-defi-foundry copied to clipboard
[Spoilers] Unable to sign transaction with other private key
I'm on compromised, and I've found some private keys, but I'm not sure it's possible to sign and "broadcast" transaction inside solidity
Is the intended solution to just vm.prankStart()
with the public address? so vm.prankStart(vm.addr(privkey))
Could you give me more details of what you are trying to do?
I found the private keys using the hex encoded base64 encoded hex string, but im unable to use them to sign transactions as that's not something you can do in solidity, and foundry/ds-test doesnt have any way to do it either, im quite certain. Instead i just pranked as the addresses the private keys corresponds to.
Is that the intended way to solve this challenge, it feels quite hacky?
https://github.com/joleeee/damn-vulnerable-defi-foundry/commit/ca831d835a44a50f3b131c76e9d7b454c9c45930#diff-8004eac9b4f173d074e60af7c5392a2712de47d034835039d8a2b9571860b9f1R77-R79
I guess that asserting that the public key that is one of the trusted sources from the private keys you found is "enough" as a proof that you found it and it's fair to use the vm.startPrank(address)
afterwards
https://github.com/iFrostizz/damn-vulnerable-defi-foundry/blob/aa8fcddd5d654a5ba82f900a5e965a776fae6043/test/Levels/compromised/Compromised.t.sol#L79-L98
A better solution would be to sign and send the transaction but I don't know if it's feasible with the cheatcodes
You can use vm.addr(privateKey)
to get the corresponding address. Then you can use startPrank/startBroadcast.