lunaray
Feb 23, 2022

Detailed explanation of Ethereum smart contract vulnerabilities: On-chain Vulnerability Recurrence - Self-Destructing Vulnerability

Welcome to follow and discuss with us

Author: support@lunaray.co

0x01 Introduction

A malicious contract can call selfdestruct to force Ether into any other contract.

0x02 Vulnerable contract

We deploy the game contract and co-deposit 0.2 ether twice:

0x03 Attack contract

Use MetaMask to switch accounts, deploy a second contract, and execute the attack:

(Note: The seventh step verifies the winner. We found that the winner is still the initial address, and the contract can no longer accept deposits.)

We can look up the on-chain transaction record using the address of the attack contract:

https://kovan.etherscan.io/tx/0x12ca574bf79fd089cdb8717cb7a401c639d6d8bc7d3ea82181753c4b535d83c5

0x04 Security advice

To prevent this vulnerability, developers can avoid relying on address(this).balance:

In this way, the extra Ether the attacker forces into the contract will not be counted.
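
The internal-accounting approach described above, as an added example that is not the article's own code. The contract name, the 0.1 ether stake and the 0.7 ether target are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration: names, stake size and target are assumptions,
// not the values used by the game contract in this article.
contract HardenedGame {
    uint256 public constant STAKE = 0.1 ether;   // assumed stake per play
    uint256 public constant TARGET = 0.7 ether;  // assumed winning total

    // Internal ledger: it only changes inside deposit(), so Ether forced in
    // by selfdestruct never influences the game state.
    uint256 public accounted;
    address public winner;

    function deposit() external payable {
        require(msg.value == STAKE, "wrong stake");

        // Vulnerable pattern, for comparison:
        //   uint256 total = address(this).balance;
        // That figure includes Ether the contract never agreed to receive.
        uint256 total = accounted + msg.value;
        require(total <= TARGET, "game over");

        accounted = total;
        if (total == TARGET) {
            winner = msg.sender;
        }
    }

    function claimReward() external {
        require(msg.sender == winner, "not winner");
        uint256 prize = accounted;
        accounted = 0;            // update state before the external call
        winner = address(0);
        (bool ok, ) = msg.sender.call{value: prize}("");
        require(ok, "transfer failed");
    }

    // Ether that arrived outside deposit(); a non-zero value is a signal
    // that someone forced funds into the contract.
    function unaccounted() external view returns (uint256) {
        return address(this).balance - accounted;
    }
}
```

The `unaccounted()` view gives monitoring a direct check: any value above zero means Ether reached the contract without passing through `deposit()`.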
