👮
Contract Cops
  • Mastering Ethereum Book
    • What is ethereum?
    • Tokens
    • Oracles
    • Decenralized Applications(DApps)
    • The Ethereum virtual machine
    • Ethereum basics
    • Ethereum clients
    • Cryptography
    • Wallets
    • Transactions
    • Chapter 7 - Smart Contracts & Solidity
    • Side Notes
      • Tokens
      • Smart Contracts and Solidity
  • Cryptography
    • Ethereum Cryptography - Cheatsheet
    • Assymetric vs symmetric cryptography
    • ECDSA vs RSA
    • Elliptic curves and ECDSA
    • Sha-256 Example
    • Sha-256
    • What are the different steps in SHA-256?
  • Ethereum Blocks
    • Block Headers
  • Learning Solidity
    • Storage vs memory
    • Upgradeable contracts
      • Proxy pattern in smart contracts
  • PoS
    • Proof of stake
  • PoW
    • PoW
  • Tokens
    • ERC-1155
    • ERC20
  • Cryptonomics
    • Automated market makers
    • Collateral Tokens
    • Collateralized Stablecoin
    • Fiat currency
    • Liquidity pool
    • Open Position: Meaning and Risk in Trading
    • Slippage
    • Spot price
  • Common Attack Vectors
    • Checking access control
    • Access control issues on critical functions
    • Account Existence Check for low level calls
    • Account Existence Check
    • Common attacks with contract/EOA addresses
    • Arithmetic under/overflow
    • Assert Attack
    • Assert require revert
    • Assert Violation
    • Bad Interface DOS
    • Bad pragma and compiler
    • Block Timestamp Manipulation
    • Bypassing contract check
    • Code With No Effects
    • Code size check vulnerability
    • Constructors with Care
    • Default Visibilities
    • Delegatecall
    • Delegatecall
    • Denial of Service (DoS)
    • DoS with block gas limit
    • Entropy Illusion
    • External contract referencing
    • Flash Loan Attack
    • Floating Point and Precision
    • Function selector abuse
    • Function selector abuse
    • Smart contract gas griefing
    • Hash collision parameters
    • Hash Collisions With Multiple Variable Length Arguments
    • Imprecise arithmetic
    • Improper Array Deletion
    • Incorrect array deletion
    • Incorrect interface
    • Insufficient Gas Griefing
    • Loop through long arrays
    • Message call with hardcoded gas amount
    • Not enough gas for ether transfer
    • Precision Loss in Calculations
    • Oracle Manipulation
    • Public Burn Function
    • Read-only reentrancy
    • Race Conditions/Front Running
    • Reentrancy Attacks
    • Reentrancy
    • Requirement Violation
    • Right-To-Left-Override control character (U+202E)
    • Shadowing State Variables
    • Short Address / Parameter attack
    • Signature Malleability
    • Signature Replay
    • Transaction Order Dependence
    • Tx.Origin Authentication
    • Unchecked CALL Return Values
    • Unexpected ether
    • Uninitialized Storage Pointers
    • Unsafe Ownership Transfer
  • EIP's
    • EIP155
    • EIP55
  • PoW
    • Ethash
    • Scrypt - RFC 7914
  • Questions for self evaluation
    • Questions 23/04/2023 (Nr: 84)
    • Usability guide for questions
  • Frequently asked questions
    • What is the difference between transaction and message?
    • What is the use of a interface or function without implementation?
  • UsefulResources
Powered by GitBook
On this page
  1. Common Attack Vectors

Unexpected ether

PreviousUnchecked CALL Return ValuesNextUninitialized Storage Pointers

Last updated 2 years ago

Unexpected ether is when a contract is designed to not receive ether/only specific ether entrypoints, but ether is sent to it anyways.

This is typically done by using solidity's inbuilt selfdestruct(address) which deletes the bytecode of a contract and sends the balance to the address specified.

One common misconception that developers have about Solidity is that a contract must have a payable function/fallback in order to receive ether.

This is not true (and is a security pitfall), as contracts can receive ether with the above mentioned selfdestruct(), despite whether the vulnerable contract has anything payable.

IMPORTANT NOTE: The SELFDESTRUCT OPcode will eventually be deprecated and unusable

We can look at the following example for a simple contract, vulnerable to the unexpected ether attack:

We can see that the contract has strict equality checks, which is mistake number one.

Furthermore, the balance variable is directly derived from the contract's balance. This is a big security issue, as the balance of the contract itself can be artificially modified.

We define the following attack:

It is a simple contract that has a payable constructor (to insert ether when deploying) and a function that selfdestructs the contract and sends its balance to the vulnerable DepositGame.

We can see that in the vulnerable contract, there are exact value checks for 5 eth and 10 eth. An attacker is able to inject 0.1 ether into the contract, making the checks obsolete, as they can never get executed.

Another way to load ether unexpectedly into a contract is by pre-loading the address it will be deployed on.

Addresses are deterministic in the Ethereum blockchain (they are the hash of the public address of the transaction maker + the transaction nonce). Therefore, any hacker is able to predict and bruteforce an address, preloading it with ether and rendering any balance specific logic useless.

Preventative measuresContract logic should never rely directly on the contract balance itself, as it is artificially modifiable.A state variable can be introduced that keeps track of the balance. This state variable will prevent an attack, as it can only be updated from within a payable function and not with selfdestruct()

1680345046274
1680345180633