2 min readMar 17, 2022


Detailed explanation of Ethereum smart contract vulnerabilities — — On-Chain Vulnerability Recurrence Denial of service(DoS)

Detailed explanation of Ethereum smart contract vulnerabilities — On-chain Vulnerability Recurrence — Denial of Service(DoS)

Welcome to follow and discuss with us


0x01 Vulnerability principle

Accounts can receive funds via <address>.call, while contracts cannot.

0x02 Vulnerable contract

The exploit is based on solidity ^0.8.10 version

The goal of KingOfEther is that the user becomes the new king by sending more ETH than the previous user, and the contract refunds the ether sent by the previous king.

0x03 Attack idea

Using <address>.call, it is impossible to send currency to the contract address, making the attack contract the new king and invalidating the vulnerable contract.

0x04 Attack contract

Next, write the attack contract:

Among them, the hacker pays the vulnerability contract through the attack function, which will cause the attack contract to become the new king, and no one can become the next new king.

0x05 Attack process

  1. Deploy KingOfEther
  2. Alice becomes king by sending 1 Ether to claimThrone().
  3. Bob becomes king by sending 2 Ether to claimThrone(). Alice receives a refund of 1 ether.
  4. Deploy the attack with the address of KingOfEther.
  5. Call attack with 3 Ether
  6. The current king is attacking the contract, and no one can become the new king.

0x06 On-chain recurrence

The vulnerability has been reproduced on the chain according to the attack process. If there are new users forcing the transaction, an error will occur:

0x07 prevention techniques

  • One way to prevent this is to allow users to withdraw their ether instead of sending it.

Record the total amount of money played by the account that has become king, and let the account withdraw money through the withdrawal function to prevent this vulnerability.




Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.