Force Send ETH – 1

This vulnerability stems from a well-known Solidity feature:

selfdestruct(payable(addressThat)), which is used to send all of the ETH present in a contract to another contract at addressThat. selfdestruct is an operation at the EVM level which clears all data from the contract and frees up space on the blockchain.

It is also considerably cheaper than addressThat.send(address(this).balance) for sending all ETH to another contract.

Let's look at this with an example:

contract dontWant { // no payable function, hence cannot receive ETH
    function something() external pure returns(uint) {
        return 1;
    }

    function getBalance() external view returns(uint) {
        return address(this).balance;
    }
}

Attacker:

contract Attacker {
    receive() external payable { // we will send ether to this contract

    }

    function attack(address _dontWant) payable external { // this contract will forcefully send all ether to dontWant
        selfdestruct(payable(_dontWant));
    }

    function getBalance() external view returns(uint) {
        return address(this).balance;
    }
}

After we send some ETH to the Attacker contract and call the attack() function, dontWant receives ETH.

Any contract can send ETH to any other contract (even when the receiver contract has no receive/fallback function) using selfdestruct.
But why is this a vulnerability in the first place? What's wrong with receiving free ETH?
You will get the answers to these in the next post (Force Send ETH – 2).
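
Because a contract cannot refuse ETH sent this way, address(this).balance is not a value its own code controls. The following added example (not from the original post; AccountedVault and its members are hypothetical names) keeps its own ledger of ETH accepted through a payable function, so any forced ETH shows up as a measurable difference:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names. The contract records the ETH it
// accepted through its own payable entry point and never uses
// address(this).balance for decisions, only for reporting the surplus.
contract AccountedVault {
    uint256 public accounted;                   // ETH received via deposit()
    mapping(address => uint256) public credit;  // per-depositor ledger

    // No receive()/fallback is declared, so plain transfers revert.
    // deposit() is the only voluntary way in.
    function deposit() external payable {
        credit[msg.sender] += msg.value;
        accounted += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(credit[msg.sender] >= amount, "insufficient credit");
        // Update the books before the external call.
        credit[msg.sender] -= amount;
        accounted -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }

    // ETH held by the contract that never passed through deposit(),
    // for example ETH forced in by selfdestruct as in Attacker.attack().
    // The real balance can only exceed the ledger, so this cannot underflow.
    function unaccounted() external view returns (uint256) {
        return address(this).balance - accounted;
    }
}
```

After Attacker.attack() targets this contract, accounted and every credit entry are unchanged, while unaccounted() returns the forced amount.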
