Ethernaut Level 4 Walkthrough: Telephone

Ethernaut is a Web3/Solidity-based wargame akin to a hacking Capture The Flag (CTF) challenge, where each level presents a smart contract puzzle waiting to be ‘hacked’. It’s an immersive and interactive way to learn about Ethereum and Solidity programming. Let’s take a look at the Ethernaut Level 4 Walkthrough: Telephone.

Telephone: Owning Up to the Deceptiveness of tx.origin

In the intriguing world of Ethereum smart contracts, security is paramount. Today, we’ll delve into Challenge 4: Telephone, a clever puzzle that exposes a vulnerability in how contracts identify message originators. By the end, we’ll not only conquer the challenge but gain valuable insights into the intricacies of tx.origin and msg.sender.

The Challenge’s Call

Challenge 4 presents a seemingly straightforward objective: claim ownership of a pre-deployed smart contract. But there’s a catch! Directly calling the contract’s changeOwner function won’t grant ownership. This compels us to think outside the box and exploit a clever trick.

Unveiling the Contract’s Secrets

The first step is to understand the contract’s logic. We need to dissect how it verifies ownership claims. Here, the key lies in differentiating between two crucial variables:

  • tx.origin: This represents the original initiator of the transaction, the user’s wallet address.
  • msg.sender: This signifies the address directly calling the function, which could be another contract.

The Art of Deception

The vulnerability lies in the fact that a contract can’t directly determine tx.origin. Here’s where the magic happens:

  1. We craft a new smart contract, let’s call it Impersonator.
  2. Impersonator mirrors the changeOwner function from the Telephone contract.
  3. The twist: when called, Impersonator’s changeOwner function relays the call to the Telephone contract’s changeOwner.

The Grand Illusion

Instead of directly calling Telephone’s changeOwner, we use Impersonator as a middleman. This seemingly insignificant step alters how the Telephone contract perceives the message origin. Because Impersonator calls Telephone’s changeOwner, msg.sender becomes Impersonator’s address, while tx.origin remains our user wallet.

The Telephone contract, lacking the ability to see tx.origin, gets deceived. It believes Impersonator is claiming ownership, while in reality, the transaction originated from our wallet, making us the true owner.
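
The call context described above, as an added example that is not part of the original post or the Ethernaut source: a guard that compares tx.origin with msg.sender, next to an owner check keyed on msg.sender alone, plus an intermediate caller for testing both locally. It assumes the target's guard is a tx.origin/msg.sender comparison, which matches the behavior the walkthrough reports (a direct call leaves the owner unchanged, a relayed call does not); all contract names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. All contract names are hypothetical.

// Assumed guard: ownership changes when signer and immediate caller differ.
contract OriginComparedOwner {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function changeOwner(address newOwner) external {
        // False for a direct wallet call (origin == sender), true for any
        // call that arrives through an intermediate contract.
        if (tx.origin != msg.sender) {
            owner = newOwner;
        }
    }
}

// Hardened form: only the current owner, as immediate caller, may hand over.
contract SenderCheckedOwner {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function changeOwner(address newOwner) external {
        require(msg.sender == owner, "caller is not the owner");
        require(newOwner != address(0), "new owner is the zero address");
        owner = newOwner;
    }
}

interface IOwnable {
    function changeOwner(address newOwner) external;
}

// Intermediate caller for a local test (Remix VM or a test network):
// inside target.changeOwner, msg.sender is this contract's address and
// tx.origin is still the wallet that signed the transaction.
contract Relay {
    function forward(IOwnable target, address newOwner) external {
        target.changeOwner(newOwner);
    }
}
```

Calling forward against OriginComparedOwner from a non-owner wallet changes the owner, while the same call against SenderCheckedOwner reverts with "caller is not the owner".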

Beyond the Challenge

Challenge 4 sheds light on the potential pitfalls of relying solely on msg.sender for authorization. It emphasizes the importance of considering tx.origin when necessary to prevent ownership manipulation or other vulnerabilities.

The Road Ahead

The Ethernaut challenges provide a fantastic platform to explore the intricacies of smart contract security. Each challenge unveils new concepts and challenges our understanding of Solidity. As we venture further, stay tuned for more explorations into the captivating realm of Ethereum smart contracts!

This blog post explores Challenge 4, highlighting the significance of understanding tx.origin and msg.sender for robust smart contract design. By exploiting the limitations of message origin identification, we not only conquered the challenge but gained valuable security insights.

Ready for the next Ethernaut challenge? Click to check out the previous Ethernaut challenge and see what’s next in our series!

FAQs

What is the Ethernaut Level 4: Telephone challenge?

  • The challenge involves interacting with a smart contract to change ownership by exploiting specific conditions in its code.

How do you solve the Ethernaut Level 4: Telephone challenge?

  • Solve it by using another contract to call the target contract’s function, thereby bypassing the direct call restriction.

What skills are needed to complete Ethernaut Level 4?

  • A basic understanding of Ethereum, Solidity, and how smart contracts operate is essential.

What tools are required for the Ethernaut challenges?

  • Tools like Remix IDE, Metamask, and a solid understanding of Ethereum’s test networks are necessary.

What is the importance of the Telephone challenge in learning Ethereum?

  • It teaches about function visibility, contract interaction, and security considerations in smart contract development.
