Cast Storage

Introduction

Let's understand the smart contract storage model in Ethereum and EVM-based chains, and how you can read the public and private variables of any smart contract deployed on the blockchain. We can do this using cast storage.

Contract:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;
contract Storage {
    address public contractAddress = address(this);
    bytes private BlockApex = hex"426c6f636b41706578";
    uint256 public Slot = 0;
    struct Passwords {
        string name;
        uint256 secretKey;
        string password;
    }
    Passwords[] private passwords;
    mapping (uint256 => Passwords) private destiny;
}

Contract Address (Rinkeby) : 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF

Contract Link : https://rinkeby.etherscan.io/address/0xfe43d853eba639c40d071ebd046c9f61ff215ebf

Let's start: 

| - - - - - - - - - - - -Slot 0 - - - - - - - - - - - -|
address public contractAddress = address(this); 
| - - - - - - - - - - - -Slot 1 - - - - - - - - - - - -|
bytes private BlockApex = hex"426c6f636b41706578";
| - - - - - - - - - - - -Slot 2 - - - - - - - - - - - -|
uint256 public Slot = 0;
| - - - - - - - -No Slot Consumed- - - - - - - -|
struct Passwords {
string name;
uint256 secretKey;
string password;
}
| - - - - - - - - - - - -Slot 3 - - - - - - - - - - - -| // the array's size is stored here
Passwords[] private passwords;
| - - - - - - - - - - - -Slot 4 - - - - - - - - - - - -|
mapping (uint256 => Passwords) private destiny;

Statically sized variables can be read directly with the command:

cast storage $ContractAddress slotNumber
cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 0

Similarly, for storage slot 1:

cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 1

This command returns the data stored in that storage slot.

The data comes back as hex; to make it meaningful, try cast --to-ascii <hex>.

Eg:

cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 1

Result: 0x426c6f636b417065780000000000000000000000000000000000000000000012

cast --to-ascii 0x426c6f636b417065780000000000000000000000000000000000000000000012

Result: BlockApex
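The trailing 12 in that word is not data: for values of up to 31 bytes, Solidity stores the bytes left-aligned and puts length * 2 in the lowest byte (9 * 2 = 0x12 here). The following Python decoder is an added example, not code from the original article; the function name and the long-form sample word are this example's own.

```python
def decode_bytes_slot(word_hex):
    """Decode the head slot of a Solidity `bytes`/`string` storage variable."""
    digits = word_hex[2:] if word_hex.startswith("0x") else word_hex
    word = bytes.fromhex(digits)
    if len(word) != 32:
        raise ValueError("expected one 32-byte storage word")
    if word[31] & 1 == 0:
        # Short form (<= 31 bytes): data is left-aligned in the slot and the
        # lowest-order byte stores length * 2.
        length = word[31] // 2
        if length > 31 or any(word[length:31]):
            raise ValueError("not a valid short bytes/string slot")
        return {"form": "short", "length": length, "data": word[:length]}
    # Long form (>= 32 bytes): the slot stores length * 2 + 1 and the data
    # sits in consecutive slots starting at keccak256(pad32(slot_number)).
    length = (int.from_bytes(word, "big") - 1) // 2
    return {"form": "long", "length": length,
            "data_slots": (length + 31) // 32, "data": None}


# Slot 1 word shown on the page: 9 data bytes, 22 zero bytes, length byte 0x12.
PAGE_SLOT_1 = "0x426c6f636b41706578" + "00" * 22 + "12"
# Constructed sample: head slot of a 40-byte value (40 * 2 + 1 = 0x51).
LONG_SAMPLE = "0x" + "00" * 31 + "51"

if __name__ == "__main__":
    print(decode_bytes_slot(PAGE_SLOT_1))
    print(decode_bytes_slot(LONG_SAMPLE))
```
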

Accessing mapping data in Solidity is a little more complex. First, identify the slot where the mapping is declared; in our case, the mapping is in slot 4. Also note that, because mappings are hash tables, entries are only reachable by key: you pass [key + storageSlot] (the key and the slot number, each padded to 32 bytes and concatenated) to the keccak hashing function to find where the data is stored.

Eg: 

cast keccak (key + storageSlot) 
cast keccak 0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004

This command gives you the hash, which is the slot of the first element stored in the mapping. To access the 2nd element, increment the key:

Eg: 

cast keccak (key++ + storageSlot)
cast keccak 0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000004

This gives you the slot hash of the 2nd item of the mapping; by iterating over the keys you can access all the items.

Now pass this hash (the result of keccak) to the cast storage command as follows:

Eg: 

cast storage $contractAddress hash
cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe05

This command leads you to the 1st property of the struct saved in the mapping, and likewise for further entries as you increment the key.

The problem now is that if your mapping contains a struct, you only get the 1st element of the struct, which is the string property [name] in our case.

Eg: 

struct Passwords {
    string name;
    uint256 secretKey;
    string password;
}

To iterate further through the same struct, add one to your keccak hash. For instance, if you get a hash like

0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe05+1 (add 1) 

the next element is held in

0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe06

Now we send this updated hash to the cast storage command:

Eg: 

cast storage $contractAddress hash
cast storage 0xfE43d853eBa639c40d071ebd046c9F61fF215ebF 0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe06

This leads you to the second element of the struct which is the secretKey.

Add 1 to the hash again.

0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe06+1 

the next element is held in 0xabd6e7cb50984ff9c2f3e18a2660c3353dadf4e3291deeb275dae2cd1e44fe07

Query the contract again with the updated hash and you will get the password, which is the last element of the struct stored in the mapping!

Congrats, you have unveiled the mystery of Solidity internals!
PS: cast can come in handy only if you want.
