this post was submitted on 14 Jun 2023
6 points (100.0% liked)

cryptocurrency

[–] [email protected] 2 points 1 year ago

BTW @[email protected] was right. Anyone can view the contract deployment transaction and see the value of secretNumber that was passed as an argument to the constructor.

[–] [email protected] 1 points 1 year ago

It is definitely a trick question and code intentionally made to be vulnerable to have fun finding what's wrong and why it is bad practice to do so :)

[–] Lixen 1 points 1 year ago* (last edited 1 year ago) (1 children)

For those that want to have an actual go at it: when deploying it with hardhat for example, you can pass in Math.floor(Math.random()*1000) as the constructor argument in the deploy script, and then see if you can derive the number on the first guess.

[–] [email protected] 1 points 1 year ago (1 children)

The formula will return a specific result of uint256 type which will be used in constructor on deployment, right? 😉

[–] Lixen 1 points 1 year ago

Yeah, this way you don't know what the number is until you actually figure out the vulnerability.
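
The point made in the thread, as an added example that is not part of the original post or any commenter's code: a contract-creation transaction's input data is the creation bytecode followed by the ABI-encoded constructor arguments, so a single `uint256` argument sits in the last 32 bytes in plain view. The bytecode string and the helper names below are constructed for illustration and assume a constructor that takes exactly one `uint256`.

```javascript
// Added example: constructed values only, no real chain data.
// Creation tx input = creation bytecode || ABI-encoded constructor args.

function strip0x(hex) {
  return hex.toLowerCase().replace(/^0x/, "");
}

// Returns the single uint256 constructor argument as a BigInt.
// creationBytecode is the compiler output for the contract (hypothetical here).
function decodeConstructorUint256(txInput, creationBytecode) {
  const input = strip0x(txInput);
  const code = strip0x(creationBytecode);
  if (!/^[0-9a-f]*$/.test(input) || input.length % 2 !== 0) {
    throw new Error("transaction input is not valid hex");
  }
  if (!input.startsWith(code)) {
    throw new Error("input does not start with the expected creation bytecode");
  }
  const args = input.slice(code.length);
  if (args.length !== 64) {
    throw new Error(`expected one 32-byte word, got ${args.length / 2} bytes`);
  }
  return BigInt("0x" + args);
}

// What a deploy script effectively sends: bytecode + uint256 padded to 32 bytes.
function buildDeployInput(creationBytecode, secretNumber) {
  const word = BigInt(secretNumber).toString(16).padStart(64, "0");
  return "0x" + strip0x(creationBytecode) + word;
}

// Constructed placeholder bytecode, not a real compiled contract.
const SAMPLE_BYTECODE = "0x608060405234801561001057600080fd5b50";
// Random value chosen at deploy time, as suggested in the thread.
const secret = Math.floor(Math.random() * 1000);
const txInput = buildDeployInput(SAMPLE_BYTECODE, secret);

console.log("recovered:", decodeConstructorUint256(txInput, SAMPLE_BYTECODE));
```

Marking the state variable `private` in the contract does not change this, because the value is already published in the transaction input before the contract stores it.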