# Delegation
The goal of this level is for you to claim ownership of the instance you are given.

First, look into Solidity's documentation on the `delegatecall` low-level function, how it works (example 1 and example 2), how it can be used to delegate operations to on-chain libraries, and what implications it has on execution scope.

Also, you need to know how to properly set the `msg.data` to invoke a proper function (e.g., function selector).
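
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Delegate {
    address public owner; // storage slot 0

    constructor(address _owner) public {
        owner = _owner;
    }

    // Unrestricted: writes msg.sender into slot 0 of whichever
    // contract's storage this code is executing against.
    function pwn() public {
        owner = msg.sender;
    }
}

contract Delegation {
    address public owner; // storage slot 0, same position as Delegate.owner
    Delegate delegate;    // storage slot 1

    constructor(address _delegateAddress) public {
        delegate = Delegate(_delegateAddress);
        owner = msg.sender;
    }

    // Any call that matches no function here is forwarded unchanged.
    // delegatecall runs Delegate's code against this contract's storage
    // and keeps the original msg.sender.
    fallback() external {
        (bool result,) = address(delegate).delegatecall(msg.data);
        if (result) {
            this;
        }
    }
}
```
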
The usage of `delegatecall` is particularly risky and has been used as an attack vector in multiple historic hacks. With it, your contract is practically saying "here, -other contract- or -other library-, do whatever you want with my state". Delegates have complete access to your contract's state. The `delegatecall` function is a powerful feature, but a dangerous one, and must be used with extreme care.

Please refer to the article The Parity Wallet Hack Explained for an accurate explanation of how this idea was used to steal 30M USD.
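
One way to narrow what a forwarding fallback exposes, as an added example that is not part of the original level or the project's own code. `GuardedDelegation`, `allow` and `allowedSelector` are hypothetical names, and the contract assumes it delegates to the same kind of target as `Delegation` above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

// Added example: forwards only selectors the owner has approved, reverts on
// failure, and checks that the delegated code left the critical slots alone.
contract GuardedDelegation {
    address public owner;     // storage slot 0
    address public delegate;  // storage slot 1
    mapping(bytes4 => bool) public allowedSelector; // storage slot 2

    constructor(address _delegateAddress) public {
        delegate = _delegateAddress;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Explicit allowlist: nothing is forwarded unless approved here.
    function allow(bytes4 selector, bool ok) external onlyOwner {
        allowedSelector[selector] = ok;
    }

    fallback() external {
        // msg.sig is the first four bytes of msg.data (the function selector).
        require(msg.data.length >= 4, "no selector");
        require(allowedSelector[msg.sig], "selector not allowed");

        address ownerBefore = owner;
        address delegateBefore = delegate;

        (bool ok, ) = delegate.delegatecall(msg.data);
        require(ok, "delegatecall failed");

        // Delegated code runs against this contract's storage, so verify
        // that it did not rewrite ownership or the delegate pointer.
        require(owner == ownerBefore, "owner changed");
        require(delegate == delegateBefore, "delegate changed");
    }
}
```

The post-call checks cover only `owner` and `delegate`; delegated code can still write any other slot, so the target must itself be trusted, reviewed code.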