This vulnerability comes from a well-known Solidity feature: selfdestruct(payable(addressThat)). It is used to send all the ETH present in a contract to another contract at addressThat. selfdestruct is an EVM-level operation that clears all data from the contract and frees up space on the blockchain. It is also quite a bit cheaper than addressThat.send(address(this).balance) for sending all ETH to some other contract.
Let's see this with an example:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract dontWant { // no payable function, hence can't receive ETH
    function something() external pure returns (uint) {
        return 1;
    }

    // Reports the ETH held by this contract.
    function getBalance() external view returns (uint) {
        return address(this).balance;
    }
}
Attacker:
contract Attacker {
    receive() external payable { // we will send ether to this contract
    }

    function attack(address _dontWant) external payable { // this contract will forcefully send all ether to dontWant
        selfdestruct(payable(_dontWant));
    }

    function getBalance() external view returns (uint) {
        return address(this).balance;
    }
}
When we send some ETH to the Attacker contract and call its attack() function, dontWant receives the ETH.
Any contract can send ETH to any other contract (even if the receiver contract has no receive/fallback function) using selfdestruct.
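To check this behaviour yourself, the following added example (not code from the original post) compares an ordinary value transfer with a selfdestruct transfer against the same target in one transaction. The contracts NoReceive, ForceSender and ForceSendDemo are hypothetical names constructed for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed target: no receive(), no fallback(), no payable function.
contract NoReceive {}

// Hypothetical helper: holds the ETH it is deployed with, then self-destructs
// in its constructor, naming `target` as the beneficiary.
contract ForceSender {
    constructor(address payable target) payable {
        // selfdestruct is deprecated since Solidity 0.8.18 (compiler warning),
        // but the balance transfer still happens, including after EIP-6780.
        selfdestruct(target);
    }
}

contract ForceSendDemo {
    event Result(bool plainCallOk, uint256 afterPlain, uint256 afterForce);

    // Call with at least 2 wei; anything not delivered is refunded.
    function run()
        external
        payable
        returns (bool plainCallOk, uint256 afterPlain, uint256 afterForce)
    {
        require(msg.value >= 2, "send at least 2 wei");
        NoReceive target = new NoReceive();

        // 1) Ordinary transfer: the target has no code path that accepts
        //    ETH, so the inner call reverts and reports failure.
        (plainCallOk, ) = address(target).call{value: 1}("");
        afterPlain = address(target).balance;

        // 2) selfdestruct credits the beneficiary without running any of
        //    its code, so the missing receive()/fallback() is never consulted.
        new ForceSender{value: 1}(payable(address(target)));
        afterForce = address(target).balance;

        emit Result(plainCallOk, afterPlain, afterForce);

        // Return whatever was not delivered to the caller.
        (bool refunded, ) = payable(msg.sender).call{value: address(this).balance}("");
        require(refunded, "refund failed");
    }
}
```

The Result event records whether the plain call succeeded and the target's balance after each step, so the difference between the two transfer paths is visible in the transaction log.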
But why is this a vulnerability in the first place? What's wrong with receiving free ETH?
You will get the answers to these in the next post (Force Send ETH - 2).