Impersonator

Call a specific function on the target contract, making it appear as if the call originated from a required, privileged address.

Vulnerable Code
Analyze the Solidity code below to find the vulnerability.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface ITarget {
    function protectedFunction() external returns (bool);
}

contract Impersonator {
    address constant REQUIRED_CALLER = 0x000000000000000000000000000000000000BEEF; // Example address

    function execute(address target) public returns (bool) {
        // Vulnerable: Allows arbitrary calls from this contract
        // Need to make the call to target.protectedFunction()
        // such that msg.sender *inside* protectedFunction appears as REQUIRED_CALLER

        // Low-level call needed
        bytes memory callData = abi.encodeWithSignature("protectedFunction()");

        // Simple .call() won't work as msg.sender will be Impersonator contract
        // (bool success, bytes memory result) = target.call(callData);

        // Delegatecall won't work unless Impersonator has the storage layout
        // and protectedFunction logic itself.

        // The trick often involves deploying this Impersonator contract
        // AT the REQUIRED_CALLER address using CREATE2, or finding another
        // way to execute code *from* that address.

        // Another possibility: The target has a vulnerability allowing IT
        // to make a call where msg.sender can be controlled.

        // Assume protectedFunction requires msg.sender == REQUIRED_CALLER
        require(msg.sender == REQUIRED_CALLER, "Caller not authorized"); // Inside Target.protectedFunction

        // Placeholder return
        return false;
    }
}
Explain the vulnerability and how to exploit it.
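The comments in the challenge code reason about what msg.sender looks like inside the target under a plain CALL versus a DELEGATECALL. The following contracts are an added illustration, not part of the challenge, that make that reasoning observable and show the defensive counterpart: the privileged address is set at deployment to an account the deployer controls (and can rotate) rather than being a fixed constant. The names Target, Relay, authorizedCaller, lastCaller and protectedCalls are assumptions introduced for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration (not the challenge's own code): a target whose
// privileged address is chosen by the deployer, plus a relay contract
// that shows what msg.sender the target actually observes.

contract Target {
    // Hypothetical names for this example. Kept in storage (slot 0) so the
    // delegatecall case below reads it from the *caller's* storage.
    address public authorizedCaller;
    address public lastCaller;     // who the target saw as msg.sender
    uint256 public protectedCalls; // successful privileged calls

    constructor(address _authorizedCaller) {
        require(_authorizedCaller != address(0), "zero address");
        authorizedCaller = _authorizedCaller;
    }

    function protectedFunction() external returns (bool) {
        // msg.sender is the immediate caller: the EOA that sent the
        // transaction, or the contract that executed CALL. It is set by
        // the EVM, not supplied in calldata, so a relay cannot forge it.
        lastCaller = msg.sender;
        require(msg.sender == authorizedCaller, "Caller not authorized");
        protectedCalls += 1;
        return true;
    }

    // Lets the current privileged account hand over to a new one, so a
    // compromised key can be rotated instead of living in a constant.
    function setAuthorizedCaller(address next) external {
        require(msg.sender == authorizedCaller, "Caller not authorized");
        require(next != address(0), "zero address");
        authorizedCaller = next;
    }
}

contract Relay {
    // Low-level CALL: inside Target, msg.sender is this Relay contract,
    // so the check fails and `success` comes back false. lastCaller is
    // not updated because the revert undoes the write.
    function viaCall(address target) external returns (bool success) {
        (success, ) = target.call(abi.encodeWithSignature("protectedFunction()"));
    }

    // DELEGATECALL: msg.sender stays whoever called Relay, but Target's
    // code runs against Relay's storage. Relay never set slot 0, so
    // authorizedCaller reads as address(0), the check fails, and
    // `success` is false; had it succeeded, the writes would have landed
    // in Relay's storage, not Target's.
    function viaDelegatecall(address target) external returns (bool success) {
        (success, ) = target.delegatecall(abi.encodeWithSignature("protectedFunction()"));
    }
}
```

Deploy Target with the deployer's own account as `_authorizedCaller`, then call `protectedFunction` directly from that account (succeeds, `lastCaller` equals the account) and through `Relay.viaCall` / `Relay.viaDelegatecall` (both return false). The defensive takeaway matches the challenge's own comments: msg.sender cannot be spoofed by a relaying contract, so what matters is that the address you compare against is one whose key or code you actually control.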