Level 11 - Elevator ⏺⏺
Level Setup
Level Contract
Exploit
top
must first return false
when called, then true
the next time. The interface for Building
is set to msg.sender
.
Create a contract that exploits this by implementing a function
isLastFloor
that setstop
totrue
.
Submit instance... 🥳
Completion Message
Notes
The function
isLastFloor
is called twice, with the returned value changing for the same input as the state is changed.If the
isLastFloor
had been restricted to view, then this attack wouldn't be possible (unless it was calling a library, which doesn't have runtime checks to make sure it doesn't modify the state when it says it's view)
Last updated