Detailed explanation of Ethereum smart contract vulnerabilities
— — On-chain Vulnerability Recurrence -Self-Destructing Vulnerability
Detailed explanation of Ethereum smart contract vulnerabilities — On-chain Vulnerability Recurrence -Self-Destructing Vulnerability
Welcome to follow and discuss with us
Author: support@lunaray.co
0x01 Introduction
Malicious contracts can be used to selfdestruct to force sending Ether to any contract.
0x02 Vulnerable contract
We deploy the game contract and co-deposit 0.2 ether twice:
0x03 Attack contract
Use metamask to switch accounts to deploy a second contract and execute the attack:
(Note: The seventh step is to verify the winner, we found that the winner is still the initial address, and the contract can no longer deposit money)
We can query the transaction records on the chain by attacking the address of the contract:
https://kovan.etherscan.io/tx/0x12ca574bf79fd089cdb8717cb7a401c639d6d8bc7d3ea82181753c4b535d83c5
0x04 Security advice
Developers can choose not to rely on address(this).balance to prevent this vulnerability:
In this way, the extra money the attacker enters will not be counted.