Challenge - 5 Problems

🎖️

Access Control Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ Predict Output

intermediate

2:00remaining

What is the output of this Solidity contract function?

Consider the following Solidity contract snippet that implements a simple role-based access control. What will be the output when checkAccess is called by address 0x123?

Blockchain / Solidity

pragma solidity ^0.8.0;

contract AccessControl {
    mapping(address => bool) public admins;

    constructor() {
        admins[msg.sender] = true;
    }

    function checkAccess(address user) public view returns (string memory) {
        if (admins[user]) {
            return "Access granted";
        } else {
            return "Access denied";
        }
    }
}

A"Access granted"

B"Access denied"

CCompilation error

DRuntime error

Attempts:

2 left

🧠 Conceptual

intermediate

2:00remaining

Which access control pattern is demonstrated by this smart contract snippet?

This contract uses a mapping of addresses to booleans to control who can call certain functions. What is this pattern called?

Blockchain / Solidity

mapping(address => bool) private whitelist;

function addToWhitelist(address user) public onlyOwner {
    whitelist[user] = true;
}

modifier onlyWhitelisted() {
    require(whitelist[msg.sender], "Not whitelisted");
    _;
}

ACapability-based access control

BRole-based access control

CWhitelist access control

DDiscretionary access control

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this smart contract fail to restrict access properly?

Examine the following Solidity code. Why can anyone call restrictedFunction even though it is supposed to be restricted?

Blockchain / Solidity

pragma solidity ^0.8.0;

contract FaultyAccess {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(owner == msg.sender);
        _;
    }

    function restrictedFunction() public onlyOwner {
        // restricted logic
    }

    function changeOwner(address newOwner) public {
        owner = newOwner;
    }
}

AAnyone can call changeOwner and set themselves as owner, bypassing restriction

BThe constructor does not set the owner correctly

CThe modifier onlyOwner is missing a revert message, so it does not revert on failure

DThe restrictedFunction is not marked as public

Attempts:

2 left

📝 Syntax

advanced

2:00remaining

Which option correctly implements a modifier to restrict access to an admin role?

Choose the correct Solidity code snippet that defines a modifier onlyAdmin which restricts function access to addresses marked as admins in a mapping.

modifier onlyAdmin() {
    if (!admins[msg.sender]) {
        revert("Not admin");
    }
}

modifier onlyAdmin() {
    if (admins[msg.sender]) {
        _;
    } else {
        revert("Not admin");
    }
}

modifier onlyAdmin() {
    require(admins[msg.sender] == true);
}

modifier onlyAdmin() {
    require(admins[msg.sender], "Not admin");
    _;
}

Attempts:

2 left

🚀 Application

expert

2:00remaining

How many addresses have access after running this smart contract code?

Given the following Solidity contract, how many addresses will have access after deploying and calling grantAccess three times with different addresses?

Blockchain / Solidity

pragma solidity ^0.8.0;

contract MultiAccess {
    mapping(address => bool) private accessList;

    function grantAccess(address user) public {
        accessList[user] = true;
    }

    function hasAccess(address user) public view returns (bool) {
        return accessList[user];
    }
}

DCannot determine without knowing the addresses

Attempts:

2 left