Solidity Game - Telephone Attack

Inspired by OpenZeppelin's Ethernaut, Telephone Level

⚠️Do not try on mainnet!

Task

There is a contract written as the source code below.

1. Claim ownership of the contract.

Hint:

1. solhint will give you information where your attention is required.

What will you learn?

1. Difference between tx.origin vs msg.sender

What is the most difficult challenge?

Never use tx.origin for authorization. 🤔

What is tx.origin? and what is the difference with msg.sender?

See the description in Solidity Doc

• tx.origin
  • The original user wallet that initiated the transaction
  • The origin address of potentially an entire chain of transactions and calls
  • Only user wallet addresses can be the tx.origin
  • A contract address can never be the tx.origin
• msg.sender
  • The immediate sender of this specific transaction or call
  • Both user wallets and smart contracts can be the msg.sender

Example:

Where tx.origin, msg.sender is observed in the context of the very last node

Tip: msg.sender checks where the external function call directly came from. msg.sender is typically who you want to authenticate. 😄

Source Code

⚠️This contract contains a bug or risk. Do not use on mainnet!

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

contract Telephone {
  address public owner;

  constructor() {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

Configuration

Install Truffle cli

Skip if you have already installed.

npm install -g truffle

Install Dependencies

yarn install

Test and Attack!💥

Run Tests

truffle develop
test

You should take ownership of the target contract successfully.

truffle(develop)> test
Using network 'develop'.


Compiling your contracts...
===========================
> Everything is up to date, there is nothing to compile.



  Contract: Hacker
    √ should change owner (297ms)


  1 passing (373ms)