In this video we identify a backdoor and find the gadgets to do Jump-oriented Programming in a ethereum smart contract.
We learn how smart contracts written in solidity are deployed, and how it can be used to backdoor a contract.
This challenge was an amazing team effort. The final stage was a bash eval injection, but without using any letters or numbers.
I thought I know Ethereum smart contract security, but this challenge punched me in the face. This video goes over a basic first code review to understand the contract setup.
