paint-brush
How to Solve the Second Task of the Ethernaut Gameby@kamilpolak
331 reads
331 reads

How to Solve the Second Task of the Ethernaut Game

by Kamil PolakJanuary 20th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

This is the second part of my series around Ethernaut Game. In this post, we will deal with Level 2: Fallout: Claim the ownership of a given smart contract. The name of the constructor is not a constructor, but a normal function that we can call to claim ownership. This is due to comments and the fact that constructors always are named in the same way as the smart contract name, i.e. in that case `Fallout` However, due to the name of a constructor however, it behaves similarly to any other function. We see that this is the only place where the ownership is assigned.
featured image - How to Solve the Second Task of the Ethernaut Game
Kamil Polak HackerNoon profile picture

This is the second part of my series around Ethernaut Game. In this post, we will deal with Level 2: Fallout.


Our goal is to claim the ownership of a given smart contract.


If we look at the function Fallout we see that it suppose to be the constructor. This is due to comments and the fact that constructors always are named in the same way as the smart contract. As you know a constructor only gets executed when the contract first deploys.


After further analysis we see that this is the only place where the ownership of the smart contract is assigned.


  /* constructor */
  function Fal1out() public payable {
    owner = msg.sender;
    allocations[owner] = msg.value;
  }


One of the recommendations was to analyse the contract in the Remix IDE. Why?


Because when you look at the constructor again you will see a typo in the name. Recall that the name of the constructor should be the same as the smart contract name, i.e. in that case Fallout. However, the name of the constructor is Fal1out This means that this is not a constructor, but a normal function that we can call to claim ownership.


So, let's give it a try. First, we call the function and after that check who is the owner of the contract.


That's it. We claimed the ownership.

Conclusion

The vulnerability in the smart contract was the wrong name of the constructor. It was supposed to be a constructor however, due to a type (Fal1out not Fallout) it behaves similarly to any other function.


Also Published Here