State variables declared “private” are hidden from other contracts but their values are still recorded on the blockchain and so can be read by anyone. See this to learn exactly how: https://www.youtube.com/watch?v=Gg6nt3YW74o In this case, simply reading the value of the private state variable “password” will let you unlock the contract by passing it to … Read more
The challenge is to deploy an instance of Delegation contract and takeover its ownership. The Delegation contract issues a delegatecall to the Delegate contract. What that does is execute the called function from Delegate but through the Delegation contract’s context i.e., the functions in Delegate contract can modify the state variables in the Delegation contract. … Read more
The “Force” contract does not have a “payable” function so we cannot transfer any Ether through usual means. We can however create another contract and call the selfdestruct() function that can send Ether to any address regardless of the payable status.
Contracts written earlier than v0.8.1 were vulnerable to integer over/underflow attacks. For example, if you have uint8 x = 255 then x + 1 will evaluate to 0 (overflow). Similarly, for uint8 x = 0, (x-1) becomes 255. In this challenge we use this vulnerability to steal 50,000 tokens from this contract. Here are both … Read more
We can simply become the owner of the Telephone contract if we can call the Telephone.changeOwner() from a contract (“Solution”) which in turn is called from another contract or EOA – thus satisfying the tx.origin != msg.sender criteria.
The Coinflip contract relies on the block number to generate a random coin flip. This contract can be defeated by knowing the block in which it gets mined. To do that we simply create another contract (say Solution) to call Coinflip.flip() so both transactions(the call to Coinflip.flip() and execution of Coinflip.flip() itself). The solution contract … Read more
Earlier versions of Solidity assumed a function was a constructor if it had the same name as the contract. However, this is a security issue if (1) Contract name gets changed in future and the developer forgets to change the name of the constructor or (2) There is a typo in the constructor name making … Read more
How to run: Deploy “Fallback” contract and copy the address Put this address as the value for Solution.fallbackContract state variable Deploy “Solution” contract along with 500 wei Run Solution.tellVictimBalance() – should return 0 wei Run Solution.tellAttackerBalance() – should return 500 wei Check the value of Fallback.owner – should show the address that deployed “Fallback” contract … Read more
Its tempting to use Tx.Origin as a way to verify the original sender of a transaction but this approach is vulnerable to a phishing attack. For example, consider a contract C that only likes to be called by an address A: Now an attacker B can create an innocuous contract B and have A call … Read more
Solidity does not support floating point types and as such any such calculation needs to be simulated carefully with uint. This however can produce a vulnerability if not done right. Lets look at the contract FunWithNumbers from https://github.com/sigp/solidity-security-blog#15-floating-points-and-precision This line below is converting ETH to some token. The problem is in the division – if … Read more