05.delegatecall @CounterStrike

delegatecall(CounterStrike)

contract

pragma solidity ^0.5.10;

contract EasyBomb{
    bool private hasExplode = false;
    address private launcher_address;
    bytes32 private password;
    bool public power_state = true;
    bytes4 constant launcher_start_function_hash = bytes4(keccak256("setdeadline(uint256)"));
    Launcher launcher;

    constructor(address _launcher_address, bytes32 _fake_flag) public {
        launcher_address = _launcher_address;
        password = _fake_flag ;
    }

    modifier isOwner(){
        require(msgPassword() == password);
        require(msg.sender != tx.origin);
        uint x;
        assembly {
            x := extcodesize(caller) 
        }
        require(x == 0);
        _;
    }

    modifier notExplodeYet(){
        launcher = Launcher(launcher_address);
        require(block.number < launcher.deadline());
        hasExplode = true;
        _;
    }

    function msgPassword() public returns (bytes32 result)  {
        bytes memory msg_data = msg.data;
        if (msg_data.length == 0) {
            return 0x0;
        }
        assembly {
            result := mload(add(msg_data, add(0x20, 0x24)))
        }
    }

    function setCountDownTimer(uint256 _deadline) public isOwner notExplodeYet {
        launcher_address.delegatecall(abi.encodeWithSignature("setdeadline(uint256)",_deadline));
    }
}

contract Launcher{
    uint256 public deadline;

    constructor() public {
        deadline = block.number + 100;
    }

    function setdeadline(uint256 _deadline) public {
        deadline = _deadline;
    }
}

contract Setup {
    EasyBomb public easyBomb;

    constructor(bytes32 _password) public {
        easyBomb = new EasyBomb(address(new Launcher()), _password);
    }

    function isSolved() public view returns (bool) {
        return easyBomb.power_state() == false;
    }
}

analyses

和本博客文章[security-03]一样

solve