Cover photo

Ethernaut - Fallout Writeup

Fallout includes a very simple exploit, but can be tricky if you trust the comments written by the author.

Clear conditions:

  • Claim ownership of the contract

Fallout source code
Fallout source code

Take a read of the contract yourself, and see if anything stands out already.

The constructor is a function! Even though it is labelled as a constructor by the author’s comment.

This means that anyone can call Fal1out() and claim ownership of the contract.

Imports & Variables
Imports & Variables

Let’s first import modules we’ll need as well as read required environment variables.

Reusing functions
Reusing functions

We’ll also reuse the functions we made in the previous challenge. The first function returns a contract object to allow us to interact with the challenge instance, and the second signs a transaction and returns its receipt.

If you want to learn how these functions work in greater detail, you can read the Fallback writeup:

https://mirror.xyz/0x9C6D113a0Eafcfe3BcEbF25b0CD0F77778EeB851/TibBVMl7Bb7ZEf8UVyo_4HrjcE-t01fxxZRibzOTxX0

Attack
Attack

Now it’s as simple as creating the contract object, calling Fal1out(), and checking if the transaction succeeded or not.

Moral of the story: Don’t trust developer comments, the code may behave differently than the developer intends.

If you want to read the full Python code, you can find it here:

https://github.com/imam-abbudi/ethernaut-web3py-solutions/blob/main/fallout/fallout.py