π° Randomness is tricky on a public deterministic blockchain. The block hash is the result proof-of-work (for now) and some builders use this as a weak form of randomness. This challenge will give you an example of a contract using block hash to create random numbers. This randomness is exploitable. Other, stronger forms of randomness include commit/reveal schemes, oracles, or VRF from Chainlink.
π One day soon, randomness will be built into the Ethereum protocol!
π¬ Dice Game is a contract that allows users to roll the dice to try and win the prize. If players roll either a 0, 1, or 2 they will win the current prize amount. The initial prize is 10% of the contract's balance, which starts out at .05 Eth.
𧀠Every time a player rolls the dice, they are required to send .002 Eth. 40 percent of this value is added to the current prize amount while the other 60 percent stays in the contract to fund future prizes. Once a prize is won, the new prize amount is set to 10% of the total balance of the DiceGame contract.
𧨠Your job is to attack the Dice Game contract! You will create a new contract that will predict the randomness ahead of time and only roll the dice when you're guaranteed to be a winner!
π¬ Meet other builders working on this challenge and get help in the Challenge 3 telegram!
=======
Want a fresh cloud environment? Click this to open a gitpod workspace, then skip to Checkpoint 1 after the tasks are complete.
challenge-3-dice-game
git clone https://github.com/scaffold-eth/scaffold-eth-challenges.git challenge-3-dice-game
cd challenge-3-dice-game
git checkout challenge-3-dice-game
yarn installYou'll have three terminals up for:
yarn chain (hardhat backend)
yarn start (react app frontend)
yarn deploy (to compile, deploy, and publish your contracts to the frontend)π Visit your frontend at http://localhost:3000
π©βπ» Rerun
yarn deploy --resetwhenever you want to deploy new contracts to the frontend.
<<<<<<< HEAD
=======
π Inspect the code in the DiceGame.sol contract in packages/hardhat/contracts
π You will not be changing any code in the DiceGame.sol contract in this challenge. You will write your own contract to predict the outcome, then only roll the dice when it is favourable.
πΈ Grab some funds from the faucet and roll the dice a few times. Watch the balance of the DiceGame contract in the Debug tab. It increases on a failed roll and decreases by the prize amount on a successful roll.
challenge-3-dice-game
- Track the solidity code to find out how the DiceGame contract is generating random numbers.
- Is it possible to predict the random number for any given roll?
<<<<<<< HEAD
π° Randomness is tricky on a public deterministic blockchain. In this challenge you will explore creating random numbers using block hash and how that may be exploitable. Attack the dice game with your own contract by predicting the randomness ahead of time to always roll a winner!
https://github.com/scaffold-eth/scaffold-eth-challenges/tree/challenge-3-dice-game
The BuidlGuidl is a curated group of Ethereum builders creating products, prototypes, and tutorials to enrich the web3 ecosystem. A place to show off your builds and meet other builders. Start crafting your Web3 portfolio by submitting your DEX, Multisig or SVG NFT build.
π΅ Build an exchange that swaps ETH to tokens and tokens to ETH. π° This is possible because the smart contract holds reserves of both assets and has a price function based on the ratio of the reserves. Liquidity providers are issued a token that represents their share of the reserves and fees...
DEX Telegram Channel: https://t.me/+_NeUIJ664Tc1MzIx
https://github.com/scaffold-eth/scaffold-eth-challenges/tree/challenge-4-dex
π£οΈ The Ethereum blockchain has great decentralization & security properties but these properties come at a price: transaction throughput is low, and transactions can be expensive. This makes many traditional web applications infeasible on a blockchain... or does it? State channels look to solve these problems by allowing participants to securely transact off-chain while keeping interaction with Ethereum Mainnet at a minimum.
State Channels Telegram Channel: https://t.me/+k0eUYngV2H0zYWUx
https://github.com/scaffold-eth/scaffold-eth-challenges/tree/challenge-9-state-channels
π©βπ©βπ§βπ§ Using a smart contract as a wallet we can secure assets by requiring multiple accounts to "vote" on transactions. The contract will keep track of transactions in an array of structs and owners will confirm or reject each one. Any transaction with enough confirmations can "execute".
Multisig Telegram Channel: https://t.me/+mkNNF_yHsK8yMTcx
https://github.com/scaffold-eth/scaffold-eth-challenges/tree/challenge-5-multi-sig
π§ Tinker around with cutting edge smart contracts that render SVGs in Solidity. 𧫠We quickly discovered that the render function needs to be public... π€ This allows NFTs that own other NFTs to render their stash. Just wait until you see an Optimistic Loogie and a Fancy Loogie swimming around in the same Loogie Tank!
SVG NFT Telegram Channel: https://t.me/+J9PRea84c1U0Mzkx
https://github.com/scaffold-eth/scaffold-eth-challenges/tree/challenge-6-svg-nft
=======
challenge-3-dice-game
Start by creating a receive() function in the RiggedRoll.sol contract to allow it to receive Eth. This will allow us to fund the RiggedRoll contract from the faucet which is required for our contract to call the rollTheDice() function.
Next add a riggedRoll() function. This function should predict the randomness of a roll, and if the outcome will be a winner, call rollTheDice() on the DiceGame contract.
π Predict the outcome by generating your random numbers in the exact same way as the DiceGame contract.
π£ Reminder! Calling rollTheDice() will fail unless you send a message value of at least .002 Eth! Here is one example of how to send value with a function call.
π To deploy your RiggedRoll contract, uncomment the appropriate lines in the 01_deploy_riggedRoll.js file in packages/hardhat/deploy
β If you're struggling to get the exact same random number as the DiceGame contract, try adding some console.log() statements in both contracts to help you track the values. These messages will appear in the Hardhat node terminal.
- Add a statement to require
address(this).balance >= .002 etherin your riggedRoll function. This will help prevent calling the rollTheDice() function without enough value. - Uncomment the code in
App.jsxto show a riggedRoll button and contract balance on the main UI tab. Now you can test your function without switching tabs. - Does your riggedRoll function only call rollTheDice() when it's going to be a winning roll? What happens when it does call rollTheDice()?
You have beaten the game, but where is your money? Since the RiggedRoll contract is the one calling rollTheDice(), that is where the prize money is being sent.
π₯ Create a withdraw(address _addr, uint256 _amount) function to allow you to send Eth from RiggedRoll to another address.
- Can you send value from the riggedRoll contract to your front end address?
- Is anyone able to call the withdraw function? What would be the downside to that?
- Lock the withdraw function so it can only be called by the owner.
β οΈ But wait, I am not the owner! You will want to set your front end address as the owner in01_deploy_riggedRoll.js. This will allow your front end address to call the withdraw function.
π‘ Edit the defaultNetwork in packages/hardhat/hardhat.config.js, as well as targetNetwork in packages/react-app/src/App.jsx, to your choice of public EVM networks
π©βπ You will want to run yarn account to see if you have a deployer address.
π If you don't have one, run yarn generate to create a mnemonic and save it locally for deploying.
π° Use a faucet like faucet.paradigm.xyz to fund your deployer address (run yarn account again to view balances)
β οΈ Make sure you fund your account with enough Eth! .05 is required to initially fund the DiceGame contract and .01 more is required to fund the riggedRoll contract. Plus a bit extra to pay the gas.
π Run yarn deploy to deploy to your public network of choice (π
wherever you can get β½οΈ gas)
π¬ Inspect the block explorer for the network you deployed to... make sure your contract is there.
π¦ Run yarn build to package up your frontend.
π½ Upload your app to surge with yarn surge (you could also yarn s3 or maybe even yarn ipfs?)
π¬ Windows users beware! You may have to change the surge code in
packages/react-app/package.jsonto just"surge": "surge ./build",
β If you get a permissions error yarn surge again until you get a unique URL, or customize it in the command line.
π Traffic to your url might break the Infura rate limit, edit your key: constants.js in packages/react-app/src
Update the apikey in packages/hardhat/package.json. You can get your key here.
Now you are ready to run the
yarn verify --network your_networkcommand to verify your contracts on etherscan π°
Copy the verified address for your RiggedRoll contract and enter that into the appropriate Etherscan testnet.