Ethernaut CTF - Telephone (Level 4)
Get the free 30-day AI Mastery series 💌: https://insights.gradientlabs.co/
Work with me 💪: https://offerings.gradientlabs.co/

Next up! Level 4 - Telephone

In this CTF series, we’re going to learn more about the practical side of smart contract auditing and security. If you’re interested in more/similar content, check out my channel or website below.

My digital dumping ground - dylandavis.net

Additional Resources
Ethernaut CTF - https://ethernaut.openzeppelin.com/
Tx.origin phishing (blog) - https://hackernoon.com/hacking-solidity-contracts-using-txorigin-for-authorization-are-vulnerable-to-phishing
Tx.origin dangers - https://blog.sigmaprime.io/solidity-security.html#tx-origin
Phishing with Tx.origin (video) - https://youtu.be/mk4wDlVB4ro
Web3 Blockchain Dev (video) - https://youtu.be/JENI43UhaaQ
Valid use for tx.origin (blog) - https://www.derekarends.com/solidity-vulnerability-phishing-with-tx-origin/
Main takeaway (never auth with tx.origin) - https://docs.soliditylang.org/en/v0.6.2/security-considerations.html#tx-origin

Timeline
00:00 - Intro to challenge
01:22 - Explaining the vulnerability
04:25 - Code Review (Wallet Contract)
14:34 - Resource Sharing
16:10 - tx.origin vs. msg.sender difference
18:50 - Web2 related hacks (CSRF)
20:22 - Code Review (Telephone)
22:12 - Solving Challenge
25:35 - Outro