https://ethernaut.openzeppelin.com/
Claim ownership of the contract below
// Claim Ownership of the Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
import 'openzeppelin-contracts-06/math/SafeMath.sol';
contract Fallout {
using SafeMath for uint256;
mapping (address => uint) allocations;
address payable public owner;
/* constructor */
function Fal1out() public payable {
owner = msg.sender;
allocations[owner] = msg.value;
}
modifier onlyOwner {
require(
msg.sender == owner,
"caller is not the owner"
);
_;
}
function allocate() public payable {
allocations[msg.sender] = allocations[msg.sender].add(msg.value);
}
function sendAllocation(address payable allocator) public {
require(allocations[allocator] > 0);
allocator.transfer(allocations[allocator]);
}
function collectAllocations() public onlyOwner {
msg.sender.transfer(address(this).balance);
}
function allocatorBalance(address allocator) public view returns (uint) {
return allocations[allocator];
}
}
Exploiting the "Fallout" Contract for Ownership Takeover:
In this walkthrough, we will exploit the "Fallout" contract to demonstrate an ownership takeover vulnerability. The contract has a misspelled constructor name, and we will use this vulnerability to become the new owner of the contract.
Step 1: Identifying the Vulnerability
We analyze the contract code and quickly notice a typo in the constructor function name: Fal1out instead of Fallout. This typo could lead to a potentially exploitable vulnerability.
contract Fallout {
using SafeMath for uint256;
mapping (address => uint) allocations;
address payable public owner;
/* constructor */
function Fal1out() public payable {
owner = msg.sender;
allocations[owner] = msg.value;
}
}
Step 2: Replicating the Exploit
We create a new contract that interacts with the vulnerable "Fallout" contract. This will allow us to claim ownership of the contract.
pragma solidity ^0.8;
interface Fallout {
function owner() external view returns (address);
function Fal1out() external payable;
}
Step 3: Executing the Exploit