Certora / InvalidCalldataPOC

A proof of concept for the invalid calldata padding bug

Requirements

  • Node

Setup

Install ganache-cli, solc, and web3 via npm, i.e., npm install ganache-cli web3 solc --save

Reproducing

In another terminal window, begin the ganache test client: ./node_modules/.bin/ganache-cli

Then, in this directory, simply run node index.js.

You should see something like the following output:

helogale:InvalidCalldataPOC jrw$ node index.js
Done compiling
Deployed exploitable contract
0

The return value of 0 indicates that the calldata validation code did not correctly revert, and instead "zero padded" the nested arrays in calldata. The leaf of the call tree, doIt, faithfully reads the zeros inserted by the call in outer.
