theCyber — A secret society on the Ethereum blockchain?
The Mysterious Invitation
Around march 23rd, some active members of the Ethereum community started receiving mysterious PGP encrypted email containing invitations to a “decentralized club on the Ethereum Blockchain”.
Are we seeing the birth of the first (not so) secret on-chain society?
|
Warning
|
NON SPOILER ALERT: In this article, no information will be published that is not public yet. This article is not intended to provide any sort of solution (yet at least). I am also not providing any passphrase but keep reading, you may find a way in even without. |
Let’s get the disclaimers done: I am not at all related or affiliated with contracts and people mentioned below. I am mentioning etherscan.io several times because I think this is an awesome tool and it helped my a lot find the solution. I am however not affiliated with etherscan.io
Complexity Level
While some like to know the complexity of a puzzle before starting it, other may prefer not to know. So I will not make any statement about the complexity yet but you definitely should give it a go and judge by yourself. The challenge requires knowledge about the Ethereum Blockchain as well as smart contracts using the Solidity language.
In this article, the only tool you will need in order to follow and check everything by yourself (which I highly recommend) is an internet browser.
The Invitation
The invitation message has been initially sent encrypted using PGP. If you don’t have keys yet, it may be good time to create some GPG keys and/or check that you still can use them! Services such as keybase.io make it a breeze.
The invitation contains a few paragraphs of text as well as a signature of the message itself and a piece of code using the Ethereum web3 library to check the signature.
The invitation from “0age” contains a bit of explanation to get started as well as a list of pass phrases (not shown above). This sounds very much like a nice puzzle to solve and what a great way to get started and test your Ethereum knowledge!
The Contract(s) Overview
We get started with a contract named theCyber and registered on the Ethereum Name Service (ENS) under the url thecyber.eth. An ENS lookup on etherscan.io gives us additional information matching the invitation:
theCyber contract address: 0x97A99C819544AD0617F48379840941eFbe1bfAE1
The invitation mentions that the entry of theCyber is facilitated by with a second contract: gatekeeper.thecyber.eth
theCyberGateKeeper contract address: (Do not use, this is the old contract: 0x44919b8026f38d70437a8eb3be47b06ab1c3e4bf)
EDIT: Due to a flaw in the original contract, a new version of the GateKeeper called theCyberGatekeeperTwo has been deployed: https://etherscan.io/address/gatekeepertwo.thecyber.eth#code
theCyberGateKeeperTwo: 0xbB902569a997D657e8D10B82Ce0ec5A5983C8c7C
Owner of both ENS entries: 0x0734d56da60852a03e2aafae8a36ffd8c12b32f1
The new GateKeeper (theCybergateKeeperTwo) should be used by new candidates as it will activate before the initial one (128 instead of 250).
A restricted entry
In those times of ICO flooding, some may wonder how to get in and how much it costs. This is where things become interesting. The entry to theCyber is free (free as in beer, beside a few transaction fees).
It is however restricted. More on that below.
At current Ether rate, you can get in, all included, way under 1 EUR / 1 USD worth of Ether.
The invitation mentions that:
The first goal of theCyber is to establish a diverse set of knowledgeable members without requiring identity verification.
The entry is not restricted by someone, anyone (yet) or some group of people. If you can convince the smart contract to let you in, you can join the entrants list. A quick look at theCyber contract shows some activity:
A quick look at theCyberGatekeeper also shows a few transactions:
Don’t get fooled, the activity may not be where you expected to be… As a matter of fact, many of the transactions above have failed and likely come from invited users who underestimated the level of complexity to enter.
Shouting a password at the door seems to not be enough.
Can I trust?
When it comes to interacting with Blockchains and Crypto-currencies, the first question one should ask is probably whether this contracts(s) can be trusted or not.
Are you going to spend your precious Ether in transactions to a fully unknown contract? I certainly would not.
Further looking at the data available so far, we can see that this contract is Verified on etherscan.
Hold you horse ICO investor, “Verified” on Etherscan does NOT mean you can blindly trust this contract and send it your millions. You can even ignore me and try, the contract will reject (almost) any sort of payment. Bribes will not get you anywhere!
Having the contract verified means the source of the contract is available and compiling the source results in the same bytecode that is stored on the blockchain!
In other words, we can trust (to a certain extend) that the code we see is the code of theCyber and theCyberGatekeeper that really runs when you send them transactions through the Ethereum Blockchain.
Having the source of the code is likely a good thing if we want to get in! We now know if have the right source code. It sounds like we can make our way in.
The source is written in a language specific to Ethereum and called Solidity. If the source is available, that also mean we can compile it, generate its ABI, deploy it with and in our favourite tools and extract precious (or not) information… we may need that later.
Luckily, etherscan already took care of some work here again and we can see both the bytecode and the ABI at: 0x44919b8026f38d70437a8eb3be47b06ab1c3e4bf
That also means that we can use etherscan to read some values in this contract.
Let me in!
Looking carefully at the previous screenshot, we may notice an information that is confirmed by the invitation.
That’s right: there are 250 spots in theCyber club and 10 have been claimed already after 3 days. That means you still have plenty of time and a long upcoming weekend to try getting in but you will not be the only one, don’t lose time!
It does not matter how slowly you go as long as you do not stop.
I expect the number of entrants to accelerate as time goes on. The information will spread and people may start sharing their solutions. I hope however that this will not happen too much and only the best of the best will get in. Will you be one of those?
Please share the information but not the solution!
The user @LefterisJP seems to be in the TOP 3 users who made it in. https://gist.github.com/LefterisJP/519959606b43268ae82a82ac3a34d79b
I would also be surprised if the author of the Solidity language: @ethchris is not among them.
I personally could not sleep. A few more spots were already taken when I got the information. I had to get in :)
To be continued
Since I promise a 0-spoil article, I decided to not show any code or discuss it yet. If you have experience with Ethereum, you will find trivial to find the solidity code and have a first look. If you have less experience, here is a great opportunity and a good exercise to get started with Ethereum.
Other articles will follow with walk though of the contracts and the tooling to get in there. In the meantime, you may read carefully the Solidity documentation, especially the part regarding modifiers, hashes and the revert() function.
Thanks for the fun 0age! I take the chance to also thank @LefterisJP and @nicksdjohnson for sharing both information and pass-phrases on the topic.
Keep reading about this topic with the next article.
Wilfried Kopp aka. Chevdor
Building Blockchains & Decentralized Solutions
I build decentralized solutions and tooling to support them. I am developing Smart Contracts and dApps on Ethereum and developing tooling for Substrate (Polkadot & Kusama). I love Rust! I am using Docker extensively and above all I like efficiency. GPG Fingerprint 15AF C574 D3F9 F1C3 CCDD E31E 2DCE C4DC 506E 6475.