Locked Ether Vulnerability in Smart Contracts

Olympix
2 min read · May 3, 2023


Smart contracts are vulnerable to various security flaws. One of these flaws is the locked ether vulnerability, which can result in funds being trapped in a contract indefinitely. In this article, we will discuss the locked ether vulnerability and how the Olympix static analyzer can help identify it.

What Makes Locked Ether a Vulnerability?

The locked ether vulnerability occurs when a smart contract can accept ether but provides no way to move it back out: no withdraw function, no call that forwards the balance, and no way to destroy the contract. If the contract accepts ether through a payable fallback or receive function, or through a payable function that records the deposit without any matching withdrawal path, the ether is stuck in the contract indefinitely.

Here is an example of how the locked ether vulnerability can be introduced into a contract:

pragma solidity ^0.8.0;

contract LockedEther {
    uint public lockedAmount;

    // Accepts any ether sent to the contract, but nothing in the contract ever sends it
    // out: there is no transfer/send/call and no selfdestruct, so the balance is stuck.
    fallback() external payable {
        lockedAmount += msg.value;
    }
}

In this example, the fallback function accepts ether, but the contract has no function that sends any out. As a result, every payment to this contract is counted in the lockedAmount variable and its balance can never be withdrawn; because there is no selfdestruct either, the contract can’t be destroyed to release the funds.

The Mitigation

To prevent the locked ether vulnerability, smart contract developers should ensure that every contract that can receive ether also provides a way to send it out again. This can be done by adding a withdraw function to the contract, like this:

pragma solidity ^0.8.0;

contract FixedEther {
    uint public lockedAmount;
    address payable public owner;

    constructor() {
        // Since Solidity 0.8.0 msg.sender is a plain address, so it must be cast.
        owner = payable(msg.sender);
    }

    // Deposits are tracked exactly as in LockedEther.
    function deposit() public payable {
        lockedAmount += msg.value;
    }

    // The exit path LockedEther lacks: the owner can move the whole balance out.
    function withdraw() public {
        require(msg.sender == owner, "Only the contract owner can withdraw the ether.");
        owner.transfer(address(this).balance);
    }
}

In this example, the contract owner can withdraw the ether by calling the withdraw function, which transfers the whole balance to the owner’s address. Because a withdrawal path exists, ether deposited into the contract can always be moved out again, so funds are never permanently locked in the contract.

Olympix Static Analyzer

In addition to the best practices mentioned above, smart contract developers can use the Olympix tool to identify the locked ether vulnerability in their Solidity code. Our state-of-the-art static analyzer runs as a VSCode extension and helps developers detect potential vulnerabilities in real time.
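The condition described in the first section (a contract that can receive ether but has no code path that sends any out) can be checked mechanically. The following is an added example written for this article, not Olympix's analyzer or any of its code: a deliberately simple Python heuristic that strips comments and strings, isolates each contract body by matching braces, and flags contracts that contain a payable entry point but no transfer, send, call{value: ...} or selfdestruct. The two contract sources embedded in it are constructed for the example.

```python
import re

# Constructed sample sources (written for this example, not taken from any real project).
LOCKED_SRC = """
pragma solidity ^0.8.0;
contract LockedEther {
    uint public lockedAmount;
    fallback() external payable { lockedAmount += msg.value; }
}
"""

FIXED_SRC = """
pragma solidity ^0.8.0;
contract FixedEther {
    uint public lockedAmount;
    address payable public owner;   // 'address payable' is a type, not an entry point
    constructor() { owner = payable(msg.sender); }
    function deposit() external payable { lockedAmount += msg.value; }
    function withdraw() external {
        require(msg.sender == owner, "Only the contract owner can withdraw.");
        owner.transfer(address(this).balance);
    }
}
"""

COMMENT_OR_STRING = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"', re.S)
CONTRACT_START = re.compile(r"\bcontract\s+(\w+)[^{]*\{")
# Ways ether can leave a contract: transfer, send, call{value: ...}, selfdestruct.
SENDS_ETHER = re.compile(r"\.transfer\s*\(|\.send\s*\(|\.call\s*\{[^}]*\bvalue\b|\bselfdestruct\s*\(")

def contract_bodies(src):
    """Yield (name, body) for each top-level contract, matching braces to find its end."""
    src = COMMENT_OR_STRING.sub(" ", src)  # braces/keywords inside comments or strings are ignored
    for m in CONTRACT_START.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def accepts_ether(body):
    # Drop the 'address payable' type so only payable functions, receive() and fallback() count.
    return re.search(r"\bpayable\b", re.sub(r"address\s+payable", "address", body)) is not None

def find_locked_ether(src):
    """Return the names of contracts that can receive ether but never send any out."""
    return [name for name, body in contract_bodies(src)
            if accepts_ether(body) and not SENDS_ETHER.search(body)]

if __name__ == "__main__":
    print(find_locked_ether(LOCKED_SRC))  # ['LockedEther']
    print(find_locked_ether(FIXED_SRC))   # []
```

The heuristic does not follow inheritance, inline assembly or library calls, and it cannot tell whether a withdrawal path is actually reachable, so treat its output as a triage list to review rather than a verdict.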

Sign up on our website to get access: olympix.ai
