“We keep out the wrong people – by letting anyone in.”
How to Submit Solution:
Use the submission form below to submit your solution: QuillCTF Submission Form
Objective of CTF
- Become the owner of the contract
- Change the value of hacked to true
Note: You can create PoCs using Foundry or Hardhat. Submissions without a proper PoC will not be accepted.
Goerli link: https://goerli.etherscan.io/address/0xd2372eb76c559586be0745914e9538c17878e812
Contract Code:
// SPDX-License-Identifier: GPL-3.0
pragma solidity 0.8.7;
/// @title RoadClosed - intentionally vulnerable QuillCTF challenge contract.
/// @dev Ownership changes are gated by a whitelist, but nothing in this contract
/// restricts who may add entries to that whitelist, so the whitelist provides no
/// real access control. NOTE(review): do not reuse this pattern in production code;
/// privileged state changes should be checked against the current owner or a role.
contract RoadClosed {
// Flag set by either pwn overload; read through isHacked().
bool hacked;
// Set to the deployer in the constructor and overwritten by changeOwner().
address owner;
// NOTE(review): never assigned anywhere in this contract, so it keeps the default
// value address(0).
address pwner;
// Addresses allowed to call changeOwner() for themselves.
mapping(address => bool) whitelistedMinters;
/// @notice Reports whether `addr` currently has contract code.
/// @dev NOTE(review): extcodesize is 0 for any address without deployed code at the
/// time of the call, which includes a contract whose constructor is still running.
/// A `false` result therefore does not prove that `addr` is an externally owned
/// account, and this check should not be relied on as a security boundary.
/// @param addr Address to inspect.
/// @return True when the code size of `addr` is greater than zero.
function isContract(address addr) public view returns (bool) {
uint size;
assembly {
// Read the size of the code stored at addr.
size := extcodesize(addr)
}
return size > 0;
}
/// @notice Reports whether the caller is the current owner.
/// @dev Not called by any other function in this contract; the state-changing
/// functions compare msg.sender with owner inline or not at all.
/// @return True when msg.sender equals owner.
function isOwner() public view returns(bool){
if (msg.sender==owner) {
return true;
}
else return false;
}
/// @dev Makes the deployer the initial owner.
constructor() {
owner = msg.sender;
}
/// @notice Marks `addr` as whitelisted.
/// @dev NOTE(review): there is no restriction on the caller. Any account can
/// whitelist any address that passes the isContract check, including itself.
/// A whitelist only constrains anything if entries are added by a privileged
/// party, e.g. by requiring msg.sender == owner here.
/// @param addr Address to whitelist; rejected when it currently has code.
function addToWhitelist(address addr) public {
require(!isContract(addr),"Contracts are not allowed");
whitelistedMinters[addr] = true;
}
/// @notice Sets the owner to `addr`.
/// @dev NOTE(review): the current owner is never consulted. The only gates are
/// whitelist membership and addr == msg.sender, and whitelist membership is open
/// to everyone through addToWhitelist, so ownership is not protected. A transfer
/// of ownership should be authorised by the current owner.
/// @param addr New owner; must be whitelisted, equal to msg.sender and non-zero.
function changeOwner(address addr) public {
require(whitelistedMinters[addr], "You are not whitelisted");
require(msg.sender == addr, "address must be msg.sender");
require(addr != address(0), "Zero address");
owner = addr;
}
/// @notice Sets the hacked flag when called by the owner.
/// @dev Requires that the caller has no code (see the caveat on isContract), that
/// `addr` equals msg.sender, and that msg.sender is the owner.
/// NOTE(review): the function is payable, but no function in this contract sends
/// ether out, so any value sent with the call stays in the contract.
/// @param addr Must equal msg.sender.
function pwn(address addr) external payable{
require(!isContract(msg.sender), "Contracts are not allowed");
require(msg.sender == addr, "address must be msg.sender");
require (msg.sender == owner, "Must be owner");
hacked = true;
}
/// @notice Sets the hacked flag when called by `pwner`.
/// @dev NOTE(review): `pwner` is never assigned in this contract, so the comparison
/// is against address(0); this overload looks unreachable for an ordinary
/// transaction - confirm whether that is intended. Payable with no withdrawal path,
/// as with the other overload.
function pwn() external payable {
require(msg.sender == pwner);
hacked = true;
}
/// @notice Getter for the hacked flag.
/// @return Current value of hacked.
function isHacked() public view returns(bool) {
return hacked;
}
}
Learning Links:
Solution:
Author:
Team QuillAudits