0xPOLAND — Adventure Awaits

Peter Kacherginsky
7 min readDec 22, 2020

Last month, ETHworks put together a really fun smart contract contest where players competed to solve all the clues and unlock a 7 ETH reward. While I did not win, I had an absolute blast participating in it and wanted to share my notes in case you want to learn about password cracking and smart contract hacking techniques. If that sounds interesting to you, let’s dive right in.

#0xPOLAND

On November 17th, 2020, while preparing for the next edition of the Blockchain Threat Intelligence newsletter, I ran across an interesting tweet advertising some kind of a smart contract contest:

https://twitter.com/0xPoland/status/1328616243562156032

The address contained a simple smart contract which challenged anyone to guess a plaintext for a stored hash which was hashed twice with KECCAK-256:

The hash was initialized at contract deployment time and could be easily looked up in Etherscan:

https://etherscan.io/address/0x46ca2bf8188303887d6af76ddd316afa233b2ec9#readContract

--

--

Peter Kacherginsky

Blockchain Security, Malware Analysis, Incident Response, Pentesting, BlockThreat.net