4 - Telephone

tx.origin and msg.sender

Ethernaut Level4: Telephonearrow-up-right

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Telephone {

  address public owner;

  constructor() {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

Goal of this level

  • claim ownership of the contract

What you should know before

Solution

chevron-rightKey to solve this problem πŸ”‘hashtag

tx.origin is the very first initiator's address of the transaction while msg.sender is the caller address that directly called the contract.

In this problem, tx.origin will be your wallet address and msg.sender will be the address of AttackTelephone contract.

You just need to call attack() function.

Done! 😎

Key Takeaways

  • In most cases, it is not recommended to use tx.origin in terms of security.

Last updated