Magic Num Carousel

Satisfy a sequence of magic number checks by deploying minimal bytecode contracts.

Vulnerable Code

Analyze the Solidity code below to find the vulnerability.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface ISolver {
    function whatIsTheMeaningOfLife() external view returns (uint256);
}

contract MagicNumCarouselMaster {
    ISolver public solver1;
    ISolver public solver2;
    address public player;

    constructor(address _player) {
        player = _player;
    }

    function setSolvers(address _solver1, address _solver2) public {
        require(msg.sender == player, "Not player");
        // Check bytecode size constraints
        uint256 size1;
        assembly { size1 := extcodesize(_solver1) }
        require(size1 <= 10, "Solver 1 too large"); // Example constraint

        uint256 size2;
        assembly { size2 := extcodesize(_solver2) }
        require(size2 <= 15, "Solver 2 too large"); // Example constraint

        solver1 = ISolver(_solver1);
        solver2 = ISolver(_solver2);
    }

    // Function to check if the sequence is satisfied
    function check() public view returns (bool) {
        require(address(solver1) != address(0) && address(solver2) != address(0), "Solvers not set");
        // Example sequence check
        uint256 result1 = solver1.whatIsTheMeaningOfLife();
        require(result1 == 42, "Solver 1 failed");

        // Maybe solver 2 depends on solver 1 or has different requirement
        uint256 result2 = solver2.whatIsTheMeaningOfLife();
        require(result2 == result1 + 1, "Solver 2 failed"); // Example: solver 2 needs 43

        return true;
    }
}

Submit Explanation

Explain the vulnerability and how to exploit it.

Your Explanation

Hints (5)

Just a little peak

Hint 1

Hint 2

Hint 3

Hint 4

Hint 5

Explanation

Discomfort = Learning

Magic Num Carousel

Unveil Explanation