Force Send ETH - 1
This vulnerability comes from a well-known Solidity feature: `selfdestruct(payable(addressThat))`, which sends all the ETH held by a contract to another contract at `addressThat`. `selfdestruct` is an EVM-level operation that clears all data from the contract and frees up space on the blockchain. It is also considerably cheaper than `addressThat.send(this.balance)` for sending all ETH to another contract.
Let's see this with an example:
```solidity
contract dontWant {
    // no payable function, hence can't receive eth
    function something() external pure returns(uint) {
        return 1;
    }

    function getBalance() external view returns(uint) {
        return address(this).balance;
    }
}
```
Attacker:
```solidity
contract Attacker {
    receive() external payable {
        // we will send ether to this contract
    }

    function attack(address _dontWant) payable external {
        // this contract will forcefully send all ether to dontWant
        selfdestruct(payable(_dontWant));
    }

    function getBalance() external view returns(uint) {
        return address(this).balance;
    }
}
```
When we send some ETH to the `Attacker` contract and call its `attack()` function, `dontWant` receives the ETH.
Any contract can send ETH to any other contract (even if the receiver contract has no receive/fallback function) using `selfdestruct`.
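Seen from the receiving side, as an added example (not code from the original post): a contract with no `receive`/`fallback` rejects a plain transfer but still ends up holding ETH after a `selfdestruct`, and it can notice this by comparing its own deposit counter with `address(this).balance`. The names `Vault`, `ForceSender` and `Demo` and the `^0.8.0` pragma are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler range for this added example

// Hypothetical receiver: accepts ETH only through deposit().
contract Vault {
    uint256 public accounted; // ETH that arrived through deposit()

    function deposit() external payable {
        accounted += msg.value;
    }

    // No receive()/fallback(): a plain ETH transfer to this contract reverts.

    // ETH held by the contract that never passed through deposit(),
    // for example a balance pushed in by selfdestruct.
    function unaccounted() external view returns (uint256) {
        return address(this).balance - accounted;
    }
}

// Hypothetical sender: forwards its whole balance, as Attacker.attack() does.
contract ForceSender {
    constructor(address payable target) payable {
        selfdestruct(target);
    }
}

// Hypothetical harness: call run() with at least 2 wei.
contract Demo {
    function run()
        external
        payable
        returns (bool plainSendOk, uint256 accounted, uint256 unaccounted)
    {
        Vault v = new Vault();
        v.deposit{value: 1 wei}(); // counted by the Vault
        // Plain transfer: fails because Vault has no receive()/fallback()
        (plainSendOk, ) = address(v).call{value: 1 wei}("");
        // Forced transfer: runs no Vault code, so nothing can reject it
        new ForceSender{value: 1 wei}(payable(address(v)));
        return (plainSendOk, v.accounted(), v.unaccounted());
    }
}
```

Logic that must depend on how much ETH was deposited should read the internal counter (`accounted` here) rather than `address(this).balance`.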
But why is this a vulnerability in the first place? What's wrong with receiving free ETH?
You will get the answers to these in the next post (Force Send ETH - 2).
Original Link: https://dev.to/rushanksavant/force-send-eth-1-2on1