From 91cca68f443f8f8fb97c649dc88bdbddde0e645f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Santiago=20Ace=C3=B1olaza?= <santiago.acenolaza@otcxn.com>
Date: Fri, 22 Feb 2019 11:54:00 -0300
Subject: [PATCH] Adding Vault solution

---
 06-Delegation.md |  2 +-
 08-Vault.md      | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 08-Vault.md

diff --git a/06-Delegation.md b/06-Delegation.md
index a864789..f722d88 100644
--- a/06-Delegation.md
+++ b/06-Delegation.md
@@ -20,7 +20,7 @@ Solidity only uses the first four bytes of the hash - so cutting it up would be
 
 Now if we call the fallback function with the parameter of the pwn function, it will execute under the current contract - similar to something like inherited classes.
 
-contract.sendTransaction({data: "0xdd365b8b"})
+`contract.sendTransaction({data: "0xdd365b8b"})`
 
 We should now be the owner if executed correctly.
 
diff --git a/08-Vault.md b/08-Vault.md
new file mode 100644
index 0000000..e7549ff
--- /dev/null
+++ b/08-Vault.md
@@ -0,0 +1,39 @@
+# Vault
+
+* Constructor sets the password to a `private` variable 
+* Does `private` mean that value stored in the blockchain is not visible?
+
+<details>
+  <summary>EXPAND FOR SOLUTION</summary>
+  <p>
+  
+  Ethereum is a public ledger and it is possible to see all contract data sent on-chain. 
+  
+  Setting the `password` variable to private will only mean that internal calls from the very same contract can access it but that doesn't mean the value stored in that variable is not visible.
+
+  All we need to do here is just use the `web3.eth.getStorageAt()` function to inspect the value stored in the `password` variable.
+
+  Solution:
+
+  ```
+  var password = web3.eth.getStorageAt(instance, index);`
+  // For Metamask use callback function
+  web3.eth.getStorageAt(instance.address, 1, (err,res)=>{password=res});
+  ```
+
+  This will return the hex represantation of the password so if we do:
+
+  `web3.toAscii(password);`
+
+  We'll be able to finally see the key string to unlock the vault!
+
+  > "A very strong secret password :)"
+
+  Check out this two Medium articles for a great walkthrough of this problem.
+
+  https://medium.com/coinmonks/ethernaut-vault-problem-b2675393650b
+
+  https://medium.com/coinmonks/how-to-read-private-variables-in-contract-storage-with-truffle-ethernaut-lvl-8-walkthrough-b2382741da9f
+
+  </p>
+</details>