Mr Steal Yo Crypto

The offensive security playground for exploiting smart contracts

< Back to challenges

Challenge 15 - Malleable

You’ve been sniffing around the dark forest and have come across the TreasureVault contract. It requires a verified signature by the contract owner to withdraw select amounts of ETH.

You’ve recorded the signature used by a user in a previous tx to withdraw some ETH.

Drain the remainder of the contract funds.