# Ethernaut - Fallout Writeup

By [abbudi](https://paragraph.com/@abbudi) · 2023-06-25

---

Fallout has a very simple exploit, but it can be tricky if you trust the comments written by the author.

**Clear conditions:**

*   Claim ownership of the contract

![Fallout source code](https://storage.googleapis.com/papyrus_images/c7ebcbf91c6cc13cdfcf802a2883087cc0ce66297aab5d14665c1d1558707f9e.png)

Fallout source code

Take a read of the contract yourself, and see if anything stands out already.

The **constructor** is just a regular **function**, even though the author’s comment labels it as a constructor.

This means that anyone can call **Fal1out()** and claim ownership of the contract.
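A review-time check for this class of bug, as an added example that is not part of the original writeup or of the Ethernaut project: it flags functions whose name is almost, but not exactly, the name of the contract they sit in. The Solidity sample is constructed for illustration (the contract name `Fallout` is assumed from the challenge title), and `edit_distance` and `find_constructor_lookalikes` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the pattern described above; not the challenge source.
SAMPLE = '''
contract Fallout {
    address payable public owner;

    /* constructor */
    function Fal1out() public payable {
        owner = msg.sender;
    }

    function collectAllocations() public {
        owner.transfer(address(this).balance);
    }
}
'''

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_constructor_lookalikes(source, max_distance=2):
    """Return (contract, function, line) for functions named almost like their contract.

    Line-based heuristic: assumes one declaration per line, as in typical Solidity style.
    """
    findings, contract = [], None
    for lineno, line in enumerate(source.splitlines(), 1):
        m = re.match(r'\s*contract\s+(\w+)', line)
        if m:
            contract = m.group(1)
            continue
        m = re.match(r'\s*function\s+(\w+)\s*\(', line)
        if m and contract:
            name = m.group(1)
            # Compare case-insensitively so a case-only mismatch is also flagged.
            if name != contract and edit_distance(name.lower(), contract.lower()) <= max_distance:
                findings.append((contract, name, lineno))
    return findings

if __name__ == "__main__":
    for contract, name, lineno in find_constructor_lookalikes(SAMPLE):
        print(f"line {lineno}: {name}() in contract {contract} is an ordinary function, not a constructor")
```

A contract that declares its initializer with the `constructor` keyword produces no findings, because that declaration is not a named function at all.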

![Imports & Variables](https://storage.googleapis.com/papyrus_images/dea931c0d187c2a637aad083065b66a93420a3eab4c64e7fe434087e80b64d6a.png)

Imports & Variables

Let’s first import the modules we’ll need and read the required environment variables.

![Reusing functions](https://storage.googleapis.com/papyrus_images/650601946b06f018f2a8fbc85e865e39d3cef90cfde5471153519f9ef8d0aa91.png)

Reusing functions

We’ll also reuse the functions we made in the previous challenge. The first function returns a contract object to allow us to interact with the challenge instance, and the second signs a transaction and returns its receipt.

If you want to learn how these functions work in greater detail, you can read the **Fallback** writeup:

[https://mirror.xyz/0x9C6D113a0Eafcfe3BcEbF25b0CD0F77778EeB851/TibBVMl7Bb7ZEf8UVyo\_4HrjcE-t01fxxZRibzOTxX0](https://mirror.xyz/0x9C6D113a0Eafcfe3BcEbF25b0CD0F77778EeB851/TibBVMl7Bb7ZEf8UVyo_4HrjcE-t01fxxZRibzOTxX0)

![Attack](https://storage.googleapis.com/papyrus_images/a4c99a8044d8733d43e9c235a7f7f24c54c0b20638754c99345bd121b8f7dd52.png)

Attack

Now it’s as simple as creating the contract object, calling **Fal1out()**, and checking if the transaction succeeded or not.

_Moral of the story: Don’t trust developer comments; the code may behave differently than the developer intends._

If you want to read the full Python code, you can find it here:

[https://github.com/imam-abbudi/ethernaut-web3py-solutions/blob/main/fallout/fallout.py](https://github.com/imam-abbudi/ethernaut-web3py-solutions/blob/main/fallout/fallout.py)

---

*Originally published on [abbudi](https://paragraph.com/@abbudi/ethernaut-fallout-writeup)*
