Detailed explanation of Ethereum smart contract vulnerabilities
On-chain Vulnerability Recurrence: Self-Destruct Vulnerability

0x01 Introduction

A malicious contract can use selfdestruct to force Ether into any other contract.

0x02 Vulnerable contract

We deploy the game contract and co-deposit 0.2 ether twice:

0x03 Attack contract

Use MetaMask to switch accounts, deploy a second contract, and execute the attack:

(Note: The seventh step verifies the winner. We found that the winner is still the initial address, and the contract can no longer accept deposits.)

We can look up the transaction record on chain using the address of the attack contract:

https://kovan.etherscan.io/tx/0x12ca574bf79fd089cdb8717cb7a401c639d6d8bc7d3ea82181753c4b535d83c5

0x04 Security advice

Developers can choose not to rely on address(this).balance to prevent this vulnerability:

This way, any extra Ether the attacker forces in will not be counted.
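
One way to write such a game with internal accounting, as an added example that is not the article's own contract. The contract name, `STAKE`, `TARGET`, `accounted` and `unaccounted()` are assumptions chosen for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the article's contract. STAKE and TARGET are assumed
// values chosen for illustration.
contract HardenedGame {
    uint256 public constant STAKE = 0.1 ether;  // assumed deposit size
    uint256 public constant TARGET = 0.5 ether; // assumed winning total

    // Internal ledger: only deposit() can increase it. Ether forced in by
    // selfdestruct raises address(this).balance but never this variable.
    uint256 public accounted;
    address public winner;

    function deposit() external payable {
        require(msg.value == STAKE, "wrong stake");
        require(winner == address(0), "game over");

        // Pattern to avoid, shown for comparison:
        //   uint256 total = address(this).balance;
        //   require(total <= TARGET, "game over");
        // Forced Ether can push that value past TARGET with no winner set,
        // after which every deposit reverts and the funds are stuck.
        accounted += msg.value;
        if (accounted == TARGET) {
            winner = msg.sender;
        }
    }

    function claimReward() external {
        require(msg.sender == winner, "not winner");
        uint256 prize = accounted;
        require(prize > 0, "already claimed");
        accounted = 0; // update state before the external call
        (bool ok, ) = msg.sender.call{value: prize}("");
        require(ok, "transfer failed");
    }

    // Ether held by the contract that did not arrive through deposit().
    // A non-zero value is a signal for monitoring that Ether was forced in.
    function unaccounted() external view returns (uint256) {
        return address(this).balance - accounted;
    }
}
```

Because the prize paid out is `accounted` rather than the raw balance, forced Ether stays in the contract and changes neither the winner logic nor the payout.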

lunaray