Ethernaut CTF - Delegation (Level 6)
Get the free 30-day AI Mastery series 💌: https://insights.gradientlabs.co/
Work with me 💪: https://offerings.gradientlabs.co/

Next up! Level 6 - Delegation

In this CTF series, we're going to learn more about the practical side of smart contract auditing and security. If you're interested in more or similar content, check out my channel or website below.

My digital dumping ground - dylandavis.net

Additional Resources
Ethernaut CTF - https://ethernaut.openzeppelin.com/
Web3 Blockchain Developer (Delegation challenge) - https://youtu.be/Kj5UQ42gVqE?list=PLBy3Qkuapv_7R1ZI_Cs2NOFn7ZTaNWY6G
Sigma Prime Delegatecall vulnerabilities - https://blog.sigmaprime.io/solidity-security.html#delegatecall
Mastering Ethereum Book (same as above) - https://github.com/ethereumbook/ethereumbook/blob/develop/09smart-contracts-security.asciidoc#delegatecall
Smart Contract Developer (2-part series) - https://youtu.be/bqn-HzRclps
Code for above 2-part series - https://solidity-by-example.org/hacks/delegatecall/
Blog for exploiting delegate call - https://www.derekarends.com/solidity-vulnerability-understanding-delegatecall/
Corresponding video for above blog - https://youtu.be/pkVzTsUqV2E
Delegatecall Solidity Docs - https://docs.soliditylang.org/en/v0.8.11/introduction-to-smart-contracts.html?highlight=delegatecall#delegatecall-callcode-and-libraries
Stack Exchange (best definition) - https://ethereum.stackexchange.com/questions/3667/difference-between-call-callcode-and-delegatecall
Proxy Contracts (upgradable contracts) - https://blog.openzeppelin.com/proxy-patterns/
Flaws in proxy pattern (Trail of Bits) - https://blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns/
State variable ordering explanation - https://blockchain-academy.hs-mittweida.de/courses/solidity-coding-beginners-to-intermediate/lessons/solidity-5-calling-other-contracts-visibility-state-access/topic/delegatecall/

Timeline
00:00 - Intro to challenge
01:37 - Resource sharing
05:52 - Delegatecalls explained
09:06 - How is delegatecall used
12:13 - Flaws in delegatecall
16:58 - Code Review
21:18 - Solving challenge
26:25 - Outro