The Ethernaut is a Web3/Solidity based wargame inspired on overthewire.org. Here’s the solution to the Level 4 Telephone.
The initial info does not reveal much:
Claim ownership of the contract below to complete this level.
This time the code is really short:
A caller can set the owner to an arbitrary address, provided that the tx.origin is different than msg. sender. Tx .sender is a property with an address of the orignal caller, while msg.sender is an address of the direct caller of the function. Any time a contract calls other contract, tx.sender will become different that the msg.sender for all functions down the line of calls. The following contract will solve the challenge:
After deploying the attacker contract and running the attack function, the attack caller will become the owner of the Telephone contract. After that I can submit the instance and win the challenge.