fix FuzzyIdentity

minaminao · minaminao · commit 3d77a4f8f568 · 2025-07-21T12:28:25.000+09:00
diff --git a/foundry.lock b/foundry.lock
@@ -0,0 +1,26 @@
+{
+  "lib/forge-std": {
+    "tag": {
+      "name": "v1.9.7",
+      "rev": "77041d2ce690e692d6e03cc812b57d1ddaa4d505"
+    }
+  },
+  "lib/openzeppelin-contracts": {
+    "rev": "cae60c595b37b1e7ed7dd50ad0257387ec07c0cf"
+  },
+  "lib/solady": {
+    "rev": "7175c21f95255dc7711ce84cc32080a41864abd6"
+  },
+  "lib/v2-core": {
+    "rev": "ee547b17853e71ed4e0101ccfd52e70d5acded58"
+  },
+  "lib/foundry-huff": {
+    "rev": "7648faf3990cc4561d52b71af03282fad3a803d8"
+  },
+  "lib/prb-math": {
+    "rev": "77fa88eda4a4a91b3f3e9431df291292c26b6c71"
+  },
+  "lib/solmate": {
+    "rev": "bfc9c25865a274a7827fea5abf6e4fb64fc64e6c"
+  }
+}
diff --git a/lib/forge-std b/lib/forge-std
@@ -1 +1 @@
-Subproject commit 1714bee72e286e73f76e320d110e0eaf5c4e649d
+Subproject commit 77041d2ce690e692d6e03cc812b57d1ddaa4d505
diff --git a/src/CaptureTheEther/FuzzyIdentity/Exploit.t.sol b/src/CaptureTheEther/FuzzyIdentity/Exploit.t.sol
@@ -20,14 +20,17 @@ contract ExploitTest is Test {
 
         Create2Deployer deployer = new Create2Deployer();
         assert(address(deployer) == deployerAddr);
-        bytes32 salt = bytes32(uint256(787669)); // found by _testSearchSalt
+        bytes32 salt = bytes32(uint256(3289423)); // found by _testSearchSalt
         address exploitAddr = deployer.deploy(vm.getCode("Exploit.t.sol:FuzzyIdentityExploit"), salt);
         FuzzyIdentityExploit(exploitAddr).exploit(address(challenge));
 
         vm.stopPrank();
         assertTrue(challenge.isComplete(), "Challenge is not complete");
     }
 
+    // this function is used to find the salt, but it uses a lot of gas, so it should be called only once.
+    // usually, the function name changes to `_testSearchSalt` after the salt is found.
+    // use the following command: forge test -vv
     function _testSearchSalt() public view {
         bytes memory creationCode = vm.getCode("Exploit.t.sol:FuzzyIdentityExploit");
         for (uint256 salt = 0; salt < (1 << 32); salt++) {
@@ -44,7 +47,7 @@ contract ExploitTest is Test {
                 id <<= 4;
             }
             if (bad) {
-                console.log("Salt found: %d", salt);
+                console.log("salt %d", salt);
                 break;
             }
         }
diff --git a/src/CaptureTheEther/FuzzyIdentity/FuzzyIdentityChallenge.sol b/src/CaptureTheEther/FuzzyIdentity/FuzzyIdentityChallenge.sol
@@ -9,8 +9,8 @@ contract FuzzyIdentityChallenge {
     bool public isComplete;
 
     function authenticate() public {
-        require(isSmarx(msg.sender));
-        require(isBadCode(msg.sender));
+        require(isSmarx(msg.sender), "Not smarx");
+        require(isBadCode(msg.sender), "Not bad code");
 
         isComplete = true;
     }

Original file line number	Diff line number	Diff line change
`@@ -20,14 +20,17 @@ contract ExploitTest is Test {`
`20`	`20`
`21`	`21`	`Create2Deployer deployer = new Create2Deployer();`
`22`	`22`	`assert(address(deployer) == deployerAddr);`
`23`		`- bytes32 salt = bytes32(uint256(787669)); // found by _testSearchSalt`
	`23`	`+ bytes32 salt = bytes32(uint256(3289423)); // found by _testSearchSalt`
`24`	`24`	`address exploitAddr = deployer.deploy(vm.getCode("Exploit.t.sol:FuzzyIdentityExploit"), salt);`
`25`	`25`	`FuzzyIdentityExploit(exploitAddr).exploit(address(challenge));`
`26`	`26`
`27`	`27`	`vm.stopPrank();`
`28`	`28`	`assertTrue(challenge.isComplete(), "Challenge is not complete");`
`29`	`29`	`}`
`30`	`30`
	`31`	`+ // this function is used to find the salt, but it uses a lot of gas, so it should be called only once.`
	`32`	+ // usually, the function name changes to `_testSearchSalt` after the salt is found.
	`33`	`+ // use the following command: forge test -vv`
`31`	`34`	`function _testSearchSalt() public view {`
`32`	`35`	`bytes memory creationCode = vm.getCode("Exploit.t.sol:FuzzyIdentityExploit");`
`33`	`36`	`for (uint256 salt = 0; salt < (1 << 32); salt++) {`
`@@ -44,7 +47,7 @@ contract ExploitTest is Test {`
`44`	`47`	`id <<= 4;`
`45`	`48`	`}`
`46`	`49`	`if (bad) {`
`47`		`- console.log("Salt found: %d", salt);`
	`50`	`+ console.log("salt %d", salt);`
`48`	`51`	`break;`
`49`	`52`	`}`
`50`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,8 @@ contract FuzzyIdentityChallenge {`
`9`	`9`	`bool public isComplete;`
`10`	`10`
`11`	`11`	`function authenticate() public {`
`12`		`- require(isSmarx(msg.sender));`
`13`		`- require(isBadCode(msg.sender));`
	`12`	`+ require(isSmarx(msg.sender), "Not smarx");`
	`13`	`+ require(isBadCode(msg.sender), "Not bad code");`
`14`	`14`
`15`	`15`	`isComplete = true;`
`16`	`16`	`}`