Hi all. I was following this article (https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357) and I am really struggling to understand something… It won’t take much of your time to read this, much better than me trying to explain it here.
So on the article, The @alcuadrado gives us the home-task https://ropsten.etherscan.io/address/0xb97dd0102bb67f81d25d686c661d7f0aed62e344
and tells us to find name clashing exploits.
Let me first start to tell you how I see the contracts.
UnstructuredStorageProxyis the main one which users interact with
Vaultcontract, so basically the calls get redirected from
Vaultwith the help of
ACLcontract is just the contract that
As far as I realized,
getACLRole5999294130779334338() have the same name classhing(first 4 bytes - 0253). After this , I don’t understand how it’s exploitable.
Can you explain to me how it would exactly be exploitable in a very easy words ? I’d really appreciate it because this is very confusing for me…