Solidity Game - Telephone Attack

Inspired by OpenZeppelin's Ethernaut, Telephone Level

⚠️Do not try on mainnet!

Task

There is a contract written as the source code below.

Claim ownership of the contract.

Hint:

solhint will give you information where your attention is required.

What will you learn?

Difference between tx.origin vs msg.sender

What is the most difficult challenge?

Never use tx.origin for authorization. 🤔

What is tx.origin? and what is the difference with msg.sender?

See the description in Solidity Doc

tx.origin
- The original user wallet that initiated the transaction
- The origin address of potentially an entire chain of transactions and calls
- Only user wallet addresses can be the tx.origin
- A contract address can never be the tx.origin
msg.sender
- The immediate sender of this specific transaction or call
- Both user wallets and smart contracts can be the msg.sender

Example:

Where tx.origin, msg.sender is observed in the context of the very last node

Tip: msg.sender checks where the external function call directly came from. msg.sender is typically who you want to authenticate. 😄

Source Code

⚠️This contract contains a bug or risk. Do not use on mainnet!

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.5;

contract Telephone {
  address public owner;

  constructor() {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

Configuration

Install Truffle cli

Skip if you have already installed.

npm install -g truffle

Install Dependencies

yarn install

Test and Attack!💥

Run Tests

truffle develop
test

You should take ownership of the target contract successfully.

truffle(develop)> test
Using network 'develop'.


Compiling your contracts...
===========================
> Everything is up to date, there is nothing to compile.



  Contract: Hacker
    √ should change owner (297ms)


  1 passing (373ms)

maAPPsDEV/telephone-attack