BlockApex (Auditor) was contracted by PhoenixDAO (Client) for the purpose of conducting a Smart Contract Audit/Code Review. This document presents the findings of our analysis which took place on 28th October 2021.
BlockApex 
August 29, 2022 Lets understand the smart contract storage model in Ethereum and EVM-based chains and how you can access the public and private variables of any smart contract deployed on the blockchain. We can do this by using cast storage.
// SPDX-License-Identifier: MITpragma solidity ^0.8.7;contract Storage {address public contractAddress = address(this);bytes private BlockApex = hex"426c6f636b41706578";uint256 public Slot = 0;struct Passwords { string name;uint256 secretKey;string password;}Passwords[] private passwords;mapping (uint256 => Passwords) private destiny;}Contract Address (Rinkeby) : 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF
Contract Link : https://rinkeby.etherscan.io/address/0xfe43d853eba639c40d071ebd046c9f61ff215ebf
| - - - - - - - - - - - -Slot 0 - - - - - - - - - - - -|address public contractAddress = address(this); | - - - - - - - - - - - -Slot 1 - - - - - - - - - - - -|bytes private BlockApex = hex"426c6f636b41706578";| - - - - - - - - - - - -Slot 2 - - - - - - - - - - - -|uint256 public Slot = 0;| - - - - - - - -No Slot Consumed- - - - - - - -|struct Passwords {string name;uint256 secretKey;string password;}| - - - - - - - - - - - -Slot 3 - - - - - - - - - - - -| // size will be herePasswords[] private passwords;| - - - - - - - - - - - -Slot 4 - - - - - - - - - - - -|mapping (uint256 => Passwords) private destiny;Static Sized Variables can be simply accessed with command
Cast storage $ContractAddress slotNumbercast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 0Similarly for the storage slot 1
cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 1This command will lead you to the data stored in memory slots. .
The data you receive might be in hex, to make it meaningful try using (cast —to-ascii (hex))
cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 1Result: 0x426c6f636b417065780000000000000000000000000000000000000000000012
cast –to-ascii 0x426c6f636b417065780000000000000000000000000000000000000000000012Result: BlockApex
Accessing mapping data in solidity is a little bit complex. First you identify the slot where your mapping currently stands. In our case, the mapping is on the 4th slot. Another important thing to note is since mappings are hashTables they are only accessed by keys so you need to pass [key + StorageSlot] to the keccak hashing function in order to retrieve the data.
cast keccak (key + storageSlot) cast keccak “0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004This command will give you the respective hash which is actually the slot of the first element stored in mapping. To access the 2nd element increment in the key like:
cast keccak (key++ + storageSlot) cast keccak “0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000004It will give you the hash slot of the 2nd item of the mapping, if you iterate through you can access all the items.
Now send this hash (result of keccak) to the cast command as follows
cast storage $contractAddress hashcast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe05This command leads you to the 1st property of the struct that is saved in the mapping and further on as you increment in the key.
Now the problem is if your mapping contains a struct, you only get the 1st element of the struct which is the string property [name] in our case.
struct Passwords {string name;uint256 secretKey;string password;}To iterate further in the same struct, you need to increment one in your keccak hash, for instance if you get a hash like
0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe05+1 (add 1)
the next element is held in
0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe06
Now we send this updated hash to the cast command like
cast storage $contractAddress hashcast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe06This leads you to the second element of the struct which is the secretKey.
Further add 1 again in the hash.
0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe06+1
the next element is held in 0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe07
Again hit the contract with the updated hash and you will get the password which is the last element of the struct stored in mapping!
Congrats you have unveiled the mystery of Solidity internals!
PS: cast can come handy only if you want.
BlockApex (Auditor) was contracted by PhoenixDAO (Client) for the purpose of conducting a Smart Contract Audit/Code Review. This document presents the findings of our analysis which took place on 28th October 2021.
BlockApex 
December 14, 2021 Jump Defi infrastructure built on NEAR Protocol, a reliable and scalable L1 solution. Jump Defi is a one-stop solution for all core Defi needs on NEAR. Jump ecosystem has a diverse range of revenue-generating products which makes it sustainable.
BlockApex
June 22, 2023 On 21sth November 2021, Pickle finance was hacked, where an attacker was able to drain $19M DAI from the pDai jar. The attack exploited multiple inconsistencies & flaws in the logic of the pickle jar contract.
BlockApex
May 30, 2022 Learn how Fuzz Driven Development (FDD) transforms software testing by assisting programmers and testers in overcoming prejudices for improved code quality, security, and performance.
BlockApex
August 11, 2023 An off-chain transaction deals with values outside the blockchain and can be completed using a lot of methods. To carry out any kind of transaction, both functioning entities should first be in agreement, after that a third-party comes into the picture to validate it.
BlockApex
February 23, 2022 The Euler Finance hack had a devastating impact on the platform and its users, with approximately $197 million worth of assets stolen, including ETH, WBTC, USDC, and DAI. This placed Euler Finance at number 6 on the leaderboard of the largest DeFi hacks. The platform's total value locked (TVL) dropped from $264 million to just $10 million.
BlockApex
March 14, 2023 Yamato Protocol is a crypto-secured stablecoin generator DApp pegged to JPY. Yamato Protocol is a lending decentralized financial application (DeFi) that can generate Japanese Yen stablecoin "CJPY". It is being developed by DeFiGeek Community Japan, a decentralized autonomous organization.
BlockApex
June 15, 2023 The successful upgrade of the London Hard Fork is a big difference from the fork leading to Ethereum Classic that took place back in 2016. However, despite their divergence, both are milestones in the Ethereum world- guaranteed to have lasting impacts on the blockchain as we know it. Read more to find out the circumstances surrounding each hard fork and the role they may play in shaping Ethereum's future.
BlockApex
August 25, 2021 The BonqDAO security breach that occurred on February 2, 2023, had far-reaching consequences for the platform, its users, and the wider DeFi ecosystem. The attack exploited a vulnerability in the integration of the Tellor Oracle system, which BonqDAO relied on for obtaining token price information.
BlockApex
September 22, 2023 
