The following article is part two of our Capture the Ether series. In it, we take a look at the math vulnerabilities that commonly plague Ethereum smart contracts. If you missed part one, don’t fret. You can check it out here.

For now, let’s get started on part two.

WARNING: The remainder of this article contains solutions to numerous Capture the Ether challenges. If you’re planning on completing Capture the Ether yourself, you may want to do so before finishing this article.

.

.

.

.

.

.

.

.

.

.

.

.

.

Part 2: Exploiting Math Vulnerabilities in Smart Contracts

Whether its during token sales, through wallet logic, or in general funds, the opportunity for math-based vulnerabilities in Ethereum smart contracts is prevalent. Part two brings us six challenges to tackle, each with the goal of capitalizing on some type of math mistake. Follow along and see if you can get the same results.

Challenge 1: Token Sale

Our first challenge requires that we steal some ether from a token sale contract. The contract has a starting balance of one ether, and it allows us to trade tokens at an exchange rate of one ether per token.

As always, we begin by looking through the contract code to get a better understanding of how it operates and see if we have any attack vectors.