# Challenge #11 - Backdoor
To incentivize the creation of more secure wallets in their team, someone has deployed a registry of [Gnosis Safe wallets](<https://github.com/safe-global/safe-contracts/blob/v1.3.0/contracts/GnosisSafe.sol>). When someone in the team deploys and registers a wallet, they will earn 10 DVT tokens.

To make sure everything is safe and sound, the registry tightly integrates with the legitimate [Gnosis Safe Proxy Factory](<https://github.com/safe-global/safe-contracts/blob/v1.3.0/contracts/proxies/GnosisSafeProxyFactory.sol>), and has some additional safety checks.

Currently there are four people registered as beneficiaries: Alice, Bob, Charlie and David. The registry has 40 DVT tokens in balance to be distributed among them.

Your goal is to take all funds from the registry. In a single transaction.

[See the contracts](<https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry/tree/master/src/Contracts/backdoor>)
<br/>
[Complete the challenge](<https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry/blob/master/test/Levels/backdoor/Backdoor.t.sol>)

msg.sender = walletFactory

function createProxyWithCallback

initializer has to be a call to `GnosisSafe.setup`

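```solidity
function setup(
        address[] calldata _owners,
        uint256 _threshold,
        address to,                 // contract address for the optional delegate call
        bytes calldata data,        // data payload for the optional delegate call
        address fallbackHandler,    // handler for fallback calls to the wallet
        address paymentToken,
        uint256 payment,
        address payable paymentReceiver
    )
```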

Setting up an attack module to install:


from Factory:

`createProxyWithCallback` will call `proxyCreated` as the callback

inside both of them, there is an initializer arg for setup:
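
Seen from the registry's side, the `initializer` bytes are the only thing the callback can inspect, so this is where the optional hooks in `setup` would have to be rejected. The following is an added example, not code from the challenge or from Gnosis Safe: a Python sketch that decodes the `setup` calldata and flags a non-zero `to`, non-empty `data` or non-zero `fallbackHandler`. The function names, the rejection policy, the sample addresses and the selector constant are assumptions made for illustration.

```python
WORD = 32
ZERO = "0x" + "00" * 20
# Assumption: selector of setup(address[],uint256,address,bytes,address,address,uint256,address)
SETUP_SELECTOR = bytes.fromhex("b63e800d")

def _pad(value):
    return value.to_bytes(WORD, "big")

def encode_setup(owners, threshold, to, data, fallback_handler):
    """Build constructed sample calldata; the three payment fields stay zero."""
    owners_tail = _pad(len(owners)) + b"".join(_pad(int(o, 16)) for o in owners)
    data_tail = _pad(len(data)) + data.ljust(-(-len(data) // WORD) * WORD, b"\0")
    head = [8 * WORD, threshold, int(to, 16), 8 * WORD + len(owners_tail),
            int(fallback_handler, 16), 0, 0, 0]
    return SETUP_SELECTOR + b"".join(map(_pad, head)) + owners_tail + data_tail

def _word(body, index):
    return int.from_bytes(body[index * WORD:(index + 1) * WORD], "big")

def _address(body, index):
    return "0x" + body[index * WORD + 12:(index + 1) * WORD].hex()

def check_initializer(initializer):
    """Return the policy violations; an empty list means no hook is set."""
    if initializer[:4] != SETUP_SELECTOR:
        return ["initializer is not a call to setup"]
    body = initializer[4:]
    if len(body) < 8 * WORD:
        return ["setup arguments are truncated"]
    data_offset = _word(body, 3)  # head slot 3 points at the dynamic `data`
    if data_offset + WORD > len(body):
        return ["data offset is out of bounds"]
    problems = []
    if _address(body, 2) != ZERO:
        problems.append("to is set: setup will delegatecall into it")
    if int.from_bytes(body[data_offset:data_offset + WORD], "big") != 0:
        problems.append("data is not empty")
    if _address(body, 4) != ZERO:
        problems.append("fallbackHandler is set")
    return problems

# Constructed sample values, not taken from the challenge.
ALICE = "0x" + "a1" * 20
HOOK = "0x" + "bd" * 20
CLEAN = encode_setup([ALICE], 1, ZERO, b"", ZERO)
HOOKED = encode_setup([ALICE], 1, HOOK, bytes.fromhex("deadbeef"), ZERO)
```
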


Progress