proof-of-exploit-huff-template

Write PoCs for exploits in Huff and prove them in zk.

Getting Started

Requirements

The following will need to be installed in order to use this template. Please follow the links and instructions.

• Huff Compiler
  • You'll know you've done it right if you can run huffc --version and get an output like: huffc 0.3.0
• Proof of Exploit
  • You'll need to use this to test, prove or verify exploits.

Quickstart

1. Clone the repo
2. Install dependencies using forge install
3. cp .env.example .env and then write alchemy key.
4. To test the exploit exploit test (reads the .env file and uses it to fill in the required cli params)

Proving

The exploit binary has a subcommand prove:

$ exploit prove --help

Usage: exploit prove [OPTIONS]

Options:
      --rpc <URL>                 Enter ethereum archive node RPC url (required)
      --block <NUMBER>            Enter the fork block number (required)
      --challenge <CONTRACT>      Enter solidity file path (default: src/Challenge.sol)
      --exploit <CONTRACT>        Enter huff file path (default: src/Exploit.huff)
      --tx <HEX>                  Enter the raw tx (optional)
      --dir <PATH>                Enter the dir for srs params (optional)
      --mock                      Use mock prover (default: false)
  -h, --help                      Print help

• This creates an anvil mainnet fork using archive rpc node and block number provided, the rpc and block can also be read from .env.
• The challenge contract is hooked to the 0xfeedc0de00000000000000000000000000000000 magic address and it's codehash is included in the snark's public inputs and the source code included in proof.json.
• The exploit contract is hooked to the 0xbada550000000000000000000000000000000000 magic address and your badass code is kept secret.
• On running exploit prove, a local block is generated, which has just one tx sent to Challenge.entryPoint(). Using the zkEVM circuits, a proof is generated for validity of the EVM operations.

Testing

forge test can be used. For testing with exploit binary (which uses anvil + some patches) but without generating proof:

$ exploit test --rpc https://eth-sepolia.g.alchemy.com/v2/<alchemy-key> --block 4774970

anvil initialized - chain_id: 11155111, block_number: 4774970
transaction gas: 97945
test passed

If a .env file is present with ETH_RPC_URL and FORK_BLOCK_NUMBER then:

$ exploit test

anvil initialized - chain_id: 11155111, block_number: 4774970
transaction gas: 97945
test passed

For more information on how to use Foundry, check out the Foundry Github Repository and the foundry-huff library repository.

Acknowledgements

• forge-template
• femplate

Disclaimer

These smart contracts are being provided as is. No guarantee, representation or warranty is being made, express or implied, as to the safety or correctness of the user interface or the smart contracts. They have not been audited and as such there can be no assurance they will work as intended, and users may experience delays, failures, errors, omissions, loss of transmitted information or loss of funds. The creators are not liable for any of the foregoing. Users should proceed with caution and use at their own risk.