Ethernaut — Level 2 — Fallout

Zuhaib Mohammed
Nov 19, 2021

It's time to level up. Let's find out what this level has in store for us.

Click here to access the source code

The task we need to complete is to claim ownership of the contract.

Let's analyze the source code:

  1. We see an import of the “SafeMath.sol” library. It is used to protect against integer overflows and underflows.
  2. An “onlyOwner” modifier is declared, which makes sure that functions carrying this modifier can only be called by the owner of the smart contract.
  3. A “Fal1out()” function, which looks like the constructor; this is where the code that assigns ownership of the contract is present.

To complete the exercise, the above information is good enough.

Investigation

It is good practice to check which methods and functions the smart contract exposes. You can view them by executing the code below.

contract.abi

The Application Binary Interface (ABI) is similar to an API in the web2 application context: it acts as the intermediary between JavaScript code and EVM bytecode.

Looking at the output, we see something strange: a typo in the name of the constructor (“Fal1out” instead of “Fallout”), and furthermore the access specifier is public, which means everyone can access it. So the function that was supposed to be a constructor is not an actual constructor and can be called by anyone since it is public, but you would have to pay some gas fees since we see a payable property added.

Contract ABI
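The ABI review described above can be automated for your own contracts before deployment. This is an added example, not code from the original article; the helper names, the distance threshold of 2 and the sample ABI are assumptions, and it expects ABI entries that carry the `stateMutability` field.

```javascript
// Added example (not the article's code): flag externally callable functions
// whose name is a near-miss of the contract name, i.e. a likely misnamed
// legacy constructor.

// Fold common look-alike characters so "Fal1out" compares equal to "Fallout".
function normalize(name) {
  return name.toLowerCase().replace(/[1|]/g, "l").replace(/0/g, "o");
}

// Classic Levenshtein distance, kept to two rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

// Everything in an ABI is public or external, so any hit is callable by anyone.
function auditAbi(contractName, abi, maxDistance = 2) {
  const target = normalize(contractName);
  const suspects = abi
    .filter((e) => e.type === "function")
    .filter((e) => !["view", "pure"].includes(e.stateMutability))
    .map((e) => ({
      name: e.name,
      payable: e.stateMutability === "payable",
      distance: editDistance(normalize(e.name), target),
    }))
    .filter((f) => f.distance <= maxDistance);
  // A real constructor shows up as its own entry with type "constructor".
  const hasConstructor = abi.some((e) => e.type === "constructor");
  return { hasConstructor, suspects };
}

// Constructed sample ABI, reduced to the fields used here.
const sampleAbi = [
  { type: "function", name: "Fal1out", stateMutability: "payable", inputs: [] },
  { type: "function", name: "allocate", stateMutability: "payable", inputs: [] },
  { type: "function", name: "owner", stateMutability: "view", inputs: [] },
];

console.log(auditAbi("Fallout", sampleAbi));
```

A result with `hasConstructor: false` together with a suspect at distance 0 or 1 is the pattern this level is built around.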

The Solution

Just call the Fal1out() function and you are done.

await contract.Fal1out()
await contract.owner() // Check the contract's owner address

The learning from this simple exercise is to provide appropriate access specifiers to the constructor; a better way to define a constructor is to actually use the keyword “constructor”. Also, always have a look at the public methods and functions the contract is exposing: who knows, you might be able to locate something which was supposed to be private and not public.

/* constructor */
// `public` is required before Solidity 0.7; later compilers ignore it with a warning
constructor() public payable {
    owner = msg.sender;
    allocations[owner] = msg.value;
}

Hope you learnt something new today. Stay tuned for more.

Thanks for Reading!
