lunaray
2 min read · Feb 23, 2022

Detailed explanation of Ethereum smart contract vulnerabilities - On-chain Vulnerability Recurrence - Self-Destructing Vulnerability

Author: support@lunaray.co

A malicious contract can call selfdestruct to force its Ether balance into any other contract.

We deploy the game contract and co-deposit 0.2 ether twice:

Use MetaMask to switch accounts, deploy a second contract and execute the attack:

(Note: the seventh step verifies the winner. We found that the winner is still the initial address, and the contract can no longer accept deposits.)

We can look up the on-chain transaction record using the address of the attack contract:

https://kovan.etherscan.io/tx/0x12ca574bf79fd089cdb8717cb7a401c639d6d8bc7d3ea82181753c4b535d83c5

Developers can choose not to rely on address(this).balance to prevent this vulnerability:

This way, the extra Ether the attacker forces in is not counted.
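A sketch of that mitigation, added here as an example and not the contract from the original post: the game keeps its own running total instead of reading address(this).balance. The contract name, the STAKE and TARGET values, and the claim() and unaccounted() helpers are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: names, stake size and target are assumptions.
contract GameWithInternalAccounting {
    uint256 public constant STAKE = 0.1 ether;  // assumed deposit size
    uint256 public constant TARGET = 0.5 ether; // assumed winning total

    // Counts only Ether that arrived through deposit().
    uint256 public deposited;
    address public winner;

    function deposit() external payable {
        require(msg.value == STAKE, "wrong stake");
        require(winner == address(0), "game over");

        // Weak form: uint256 total = address(this).balance;
        // Ether forced in via selfdestruct raises that value without
        // calling deposit(), so a balance-based total can skip past
        // TARGET and the equality below would never hold.
        deposited += msg.value;

        if (deposited == TARGET) {
            winner = msg.sender;
        }
    }

    function claim() external {
        require(msg.sender == winner, "not winner");
        // The payout may use the real balance; only the game logic
        // must ignore Ether that bypassed deposit().
        uint256 amount = address(this).balance;
        deposited = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Monitoring helper: non-zero means Ether arrived outside deposit().
    function unaccounted() external view returns (uint256) {
        return address(this).balance - deposited;
    }
}
```

A non-zero unaccounted() value is a useful signal for off-chain monitoring, since the only ways Ether can reach this contract without deposit() are forced transfers such as selfdestruct.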
