Puzzle10.md

Analysis

1. CODESIZE (38): Pushes the size of the contract's code onto the stack.

2. CALLVALUE (34): Pushes the value sent with the transaction onto the stack.

3. SWAP1 (90): Swaps the top two values on the stack.

4. GT (11): Compares the two values on the stack. Pushes 1 if CALLVALUE is less than CODESIZE, otherwise 0.

5. PUSH1 08 (6008), JUMPI (57): Jumps to byte 08 if CALLVALUE is less than CODESIZE.

6. REVERT (FD): Reverts the execution if the condition is not met.

7. JUMPDEST (5B) at 08: Marks a valid jump destination.

8. CALLDATASIZE (36): Pushes the size of the calldata onto the stack.

9. PUSH2 0003 (610003), SWAP1 (90), MOD (06): Calculates CALLDATASIZE % 3.

10. ISZERO (15): Checks if the modulus result is zero.

11. CALLVALUE (34), PUSH1 0A (600A), ADD (01): Adds 10 to CALLVALUE.

12. JUMPI (57): Jumps to byte 19 if the previous result is zero.

13. REVERT (FD): Reverts the execution if the jump is not made.

14. JUMPDEST (5B) at 19, STOP (00): Marks another jump destination and stops execution.

Execution

To successfully reach the STOP instruction without reverting, the following conditions must be met:

• CALLVALUE must be less than or equal to 27 (the CODESIZE).
• CALLDATASIZE must be a multiple of 3.
• CALLVALUE + 10 must be equal to 25 to make the final JUMPI instruction jump to the JUMPDEST at byte 19.

Solution

To meet these requirements:

• CALLVALUE: Must be 15 (since 15 + 10 = 25).
• CALLDATASIZE: Must be a multiple of 3.

A possible solution is:

• CALLVALUE: 15 (in decimal) or 0F (in hex).
• CALLDATA: Any data with a size that is a multiple of 3, such as 0xFFFFFF.

This setup ensures the bytecode execution successfully reaches the STOP opcode at byte 1A without triggering any REVERT.