It can affect a smart contract’s internal budgeting and security considerations to require it to maintain an Ether balance. A smart contract may obtain Ether in a variety of ways. The hierarchy looks like this:
- Verify if a defined billable external accept function exists.
- If not, see if a specified payable outside fallback method.
- Revert.
This excellent image from the section Solidity by Example explains the order of each function:
Which function is called, fallback() or receive()?
You can understand it better with the given example:
pragma solidity ^0.8.13;
contract Vulnerable {
receive() external payable {
revert();
}
function somethingBad() external {
require(address(this).balance > 0);
// Do something bad
}
}The rationale of the contract appears to forbid direct transactions and prevent “anything bad” from occurring. The contract cannot stop receiving Ether by calling revert in fallback or receive, though. You can force-feed ethereum to a smart contract using the methods listed below.
Selfdestruct
Funds from the caller address are transmitted to the location on the stack whenever the SELFDESTRUCT opcode is invoked, and execution is instantly stopped. Solidity-level operations that would prevent the reception of Ether from happening will not be performed because this opcode operates at the EVM level.
Predetermined Deployments
Additionally, freshly deployed smart contracts produce their target address in a predictable manner. Any EVM code, such as the Ether Foundation’s py-evm reference model, can be used to look up the address development:
def generate_contract_address(address: Address, nonce: int) -> Addresss:
return force_bytes_to_address(keccak(rlp.encode([address, nonce])))This address is susceptible to assault before the implementation has taken place. This 2017 Underhanded Solidity Contest entry serves as another example.
Coinbase and Block Rewards
The ability of the attacker will determine if they can also begin proof-of-work mining. Block payouts will be deposited to the account by setting the destination address to its coinbase. Since this is another EVM-level feature, Solidity’s checks are useless.
Solution
The aforementioned consequences show that it is unreliable to base comparisons on precise comparisons to the smart contract’s Ether balance. Business logic for the smart contract must take into account the possibility that the actual amount linked to it may be higher than the value indicated by internal accounting.
We strongly discourage utilizing the contract’s account value as a guard in general.
Join our beta program now https://www.olympix.ai/
Originally published at https://www.linkedin.com.
