Jun 24, 2025

Fallout – Level 2 Walkthrough

Step-by-step walkthrough for the second Ethernaut wargame level. Learn to exploit constructor typos, claim ownership, and withdraw funds from vulnerable smart contracts.

Welcome to the second level of the Ethernaut wargame by OpenZeppelin, focused on smart contract constructor vulnerabilities.


Challenge Objective

You are given a contract with a misnamed constructor. Your goal is to:

  • Exploit the typo to become the contract owner
  • (Optionally) withdraw any contract balance
  • Submit the instance to complete the level

Prerequisites

Before you begin, ensure the following:

  • MetaMask is installed and connected
  • Test ETH is available (Goerli, Sepolia, etc.)
  • Familiarity with using browser DevTools and executing JavaScript commands
  • Access to the Ethernaut Game

Getting Started

1. Load the Level

  • Navigate to ethernaut.openzeppelin.com
  • Select “Fallout” from the list of levels
  • Click “Get new instance”
  • Approve the MetaMask transaction to deploy your personalized challenge contract

Once the contract is deployed, the Ethernaut page exposes it as a global object called contract in your browser console.


Walkthrough – Step by Step

🗒️ Step 1: Check the Current Owner

await contract.owner()

The owner is likely the zero address, i.e. uninitialized.


🛠️ Step 2: Call the Misnamed Constructor

await contract.Fal1out({ value: "1" })

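This function is public due to a typo (Fal1out instead of Fallout): the misspelled name makes it an ordinary public function rather than a constructor, so anyone can call it after deployment. Calling it sets you as the owner.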


🔍 Step 3: Confirm Ownership

await contract.owner()

The owner should now be your address.


💸 Step 4: (Optional) Withdraw Allocations

If the contract holds ETH, you can withdraw it:

await contract.collectAllocations()

Only the owner can call this function.


✅ Step 5: Submit the Level

Click “Submit instance” in the UI and confirm the MetaMask transaction. Once successful, the level is marked as completed.


💡 What You Learn

  • The importance of correct constructor naming in Solidity <0.7.0
  • How typos can introduce critical vulnerabilities
  • How to claim ownership by exploiting public functions
  • The evolution to the constructor keyword in newer Solidity versions
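
A defender's view of the same bug, as an added example that is not part of the original walkthrough or of the Ethernaut code: a small lint heuristic that flags any function whose name is within a couple of edits of its contract's name, the pattern that left Fal1out callable. The sample source, the Vault contract and the helper names are constructed for illustration.

```javascript
// CONSTRUCTED sample source for this example. Only the names Fallout, Fal1out,
// owner and collectAllocations come from the walkthrough; the rest is assumed.
const SAMPLE_SOURCE = `
contract Fallout {
  address payable public owner;
  /* constructor */
  function Fal1out() public payable { owner = msg.sender; }
  function collectAllocations() public { owner.transfer(address(this).balance); }
}
contract Vault {
  constructor() public {}
  function withdraw() public {}
}`;

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const prev = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = prev;
    }
  }
  return row[b.length];
}

// Hypothetical helper: regex-based lint heuristic, not a full Solidity parser.
function findConstructorLookalikes(source, maxDistance = 2) {
  const code = source.replace(/\/\*[\s\S]*?\*\/|\/\/.*$/gm, ""); // strip comments
  const findings = [];
  const contractRe = /\bcontract\s+([A-Za-z_$][\w$]*)[^{;]*\{/g;
  for (let m; (m = contractRe.exec(code)) !== null; ) {
    let depth = 1, end = contractRe.lastIndex;
    for (; end < code.length && depth > 0; end++) {
      depth += code[end] === "{" ? 1 : code[end] === "}" ? -1 : 0; // brace-match the body
    }
    const body = code.slice(contractRe.lastIndex, end);
    const limit = Math.min(maxDistance, Math.floor(m[1].length / 3)); // less noise on short names
    for (const f of body.matchAll(/\bfunction\s+([A-Za-z_$][\w$]*)\s*\(/g)) {
      const distance = editDistance(f[1].toLowerCase(), m[1].toLowerCase());
      if (f[1] !== m[1] && distance <= limit) findings.push({ contract: m[1], function: f[1], distance });
    }
    contractRe.lastIndex = end;
  }
  return findings;
}
console.log(findConstructorLookalikes(SAMPLE_SOURCE));
```

On the sample it reports a single finding, Fal1out in contract Fallout at distance 1, and nothing for Vault, which uses the constructor keyword.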

Concepts Covered

| Concept | Description |
| --- | --- |
| Constructor Typos | Misnamed constructors are public functions, not constructors |
| Ownership Takeover | Anyone can become owner by calling the typo’d function |
| Withdrawal Patterns | Only the owner can withdraw contract funds |
| Web3 Interaction | Using injected contract instances and console JS to interact |

📁 Resources