Switch Challenge

Turn the switch off by correctly manipulating bytes data and understanding function selectors.

Vulnerable Code

Analyze the Solidity code below to find the vulnerability.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Switch {
    bool public switchOn; // Slot 0
    bytes4 public offSelector = bytes4(keccak256("turnSwitchOff()"));
    bytes4 public onSelector = bytes4(keccak256("turnSwitchOn()"));

    function turnSwitchOn() public { switchOn = true; }
    function turnSwitchOff() public { switchOn = false; }

    // Vulnerable dispatcher
    function flipSwitch(bytes calldata _data) public {
        bytes4 sig = bytes4(_data[:4]); // Assume sufficient length
        if (sig == onSelector) { turnSwitchOn(); }
        else if (sig == offSelector) { turnSwitchOff(); }
    }
}

Submit Explanation

Explain the vulnerability and how to exploit it.

Your Explanation

Hints (3)

Just a little peak

Hint 1

Hint 2

Hint 3

Explanation

Discomfort = Learning

Switch Challenge

Unveil Explanation