This is the second part of my series around Ethernaut Game. In this post, we will deal with Level 2: Fallout. Our goal is to claim the ownership of a given smart contract. If we look at the function we see that it suppose to be the constructor. This is due to comments and the fact that constructors always are named in the same way as the smart contract. As you know a constructor only gets executed when the contract first deploys. Fallout After further analysis we see that this is the only place where the ownership of the smart contract is assigned. /* constructor */
  function Fal1out() public payable {
    owner = msg.sender;
    allocations[owner] = msg.value;
  } One of the recommendations was to analyse the contract in the Remix IDE. Why? Because when you look at the constructor again you will see a typo in the name. Recall that the name of the constructor should be the same as the smart contract name, i.e. in that case . However, the name of the constructor is This means that this is not a constructor, but a normal function that we can call to claim ownership. Fallout Fal1out So, let's give it a try. First, we call the function and after that check who is the owner of the contract. That's it. We claimed the ownership. Conclusion The vulnerability in the smart contract was the wrong name of the constructor. It was supposed to be a constructor however, due to a type ( not ) it behaves similarly to any other function. Fal1out Fallout Also Published Here

How to Solve Level 3 of the Ethernaut Game

How to Solve the First Task of the Ethernaut Game

Do not forget to follow me 

Nominated for 2022 - HackerNoon Contributor of the Year - Ethereum

Nominated for 2022 - HackerNoon Contributor of the Year - Smart Contracts

Nominated for 2022 - HackerNoon Contributor of the Year - Solidity

Nominated for 2022 - Software Developer of the Year

Nominated for 2022 - HackerNoon Contributor of the Year - Programming

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Too Long; Didn't Read

Make resilience your competitive advantage

How to Solve the Second Task of the Ethernaut Game

How to Solve the Second Task of the Ethernaut Game

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Hack Solidity: Integer Overflow and Underflow

Good Samaritan - The New Ethernaut CTF Challenge

How to Solve the Ethernaut Game's Level 4: Telephone

How to Solve the Ethernaut Game's Level 5: Token

Smart Contract Security in Solidity

Hack Solidity: Integer Overflow and Underflow

Good Samaritan - The New Ethernaut CTF Challenge

How to Solve the Ethernaut Game's Level 4: Telephone

How to Solve the Ethernaut Game's Level 5: Token

Smart Contract Security in Solidity

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps