Last active
November 16, 2017 08:11
-
-
Save gakonst/5ecacdb1fd0a66f7948eca42fa96218f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.11; | |
| // Credits to OpenZeppelin for this contract taken from the Ethernaut CTF | |
| // https://ethernaut.zeppelin.solutions/level/0x68756ad5e1039e4f3b895cfaa16a3a79a5a73c59 | |
| contract Delegate { | |
| address public owner; | |
| function Delegate(address _owner) { | |
| owner = _owner; | |
| } | |
| function pwn() { | |
| owner = msg.sender; | |
| } | |
| } | |
| contract Delegation { | |
| address public owner; | |
| Delegate delegate; | |
| function Delegation(address _delegateAddress) { | |
| delegate = Delegate(_delegateAddress); | |
| owner = msg.sender; | |
| } | |
| // an attacker can call Delegate.pwn() in the context of Delegation | |
| // this means that pwn() will modify the state of **Delegation** and not Delegate | |
| // the result is that the attacker takes unauthorized ownership of the contract | |
| function() { | |
| if(delegate.delegatecall(msg.data)) { | |
| this; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment