2 min readFeb 23, 2022


Detailed explanation of Ethereum smart contract vulnerabilities — On-chain Vulnerability Recurrence -Self-Destructing Vulnerability

Welcome to follow and discuss with us


Malicious contracts can be used to selfdestruct to force sending Ether to any contract.

We deploy the game contract and co-deposit 0.2 ether twice:

Use metamask to switch accounts to deploy a second contract and execute the attack:

(Note: The seventh step is to verify the winner, we found that the winner is still the initial address, and the contract can no longer deposit money)

We can query the transaction records on the chain by attacking the address of the contract:

Developers can choose not to rely on address(this).balance to prevent this vulnerability:

In this way, the extra money the attacker enters will not be counted.




Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.