...by Daniel Szego

Friday, March 23, 2018

Solidity security patterns - forcing ether to a contract


Never write conditions or contracts that assume the contract balance is zero. The problem is that the selfdestruct(targetaddress) command forces the ether of the destroyed contract to be sent to targetaddress, independently of how the contract at targetaddress is defined.

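pragma solidity ^0.4.16;

// Target contract: tries to refuse all incoming ether.
contract Balance
{
    function getBalance() public view returns (uint){
        return this.balance;
    }
    
    // Fallback function: reverts every ordinary transfer.
    // It is not executed when ether arrives through selfdestruct.
    function () public payable{
        revert();
    }
}

// Helper contract that forwards its whole balance when it is destroyed.
contract ForceTransfer{
    address toTransfer;

    function getBalance() public view returns (uint){
        return this.balance;
    }
    
    // Funds this contract so that there is something to forward.
    function payToContract() public payable{
    }
    
    // Constructor (pre-0.4.22 style): stores the recipient address.
    function ForceTransfer(address _address) public{
        toTransfer = _address;
    }
    
    // Destroys this contract and sends its balance to toTransfer;
    // the recipient's code is not run, so it cannot reject the ether.
    function kill() public{
        selfdestruct(toTransfer);
    }
}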

Considering the previous examples, even if Balance explicitly implements a revert() in its fallback function, there is no way to prevent a selfdestruct from forcing ether into the contract, because selfdestruct does not execute any code at the receiving address. As a consequence, patterns that implicitly or explicitly assume that the balance of the account is zero pose a relatively large security risk.
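
An added example, not part of the original post: the kind of balance assumption warned about above, next to a variant that relies on the contract's own bookkeeping instead. The contract and function names are hypothetical, written for the same 0.4.x compiler line as the code above.

```solidity
pragma solidity ^0.4.16;

// Added example (hypothetical contracts, not from the original post).

// Fragile: treats "no ether held" as proof that no funding has happened yet.
contract FragileCrowdsale {
    bool public started;

    // Meant to be callable only before any ether has arrived.
    function start() public {
        // Ether forced in via selfdestruct makes this.balance non-zero
        // without running any code here, so this check can fail forever.
        require(this.balance == 0);
        started = true;
    }

    function contribute() public payable {
        require(started);
    }
}

// Hardened: state decisions rely on a counter only this contract can change.
contract TrackedCrowdsale {
    bool public started;
    uint public totalContributed; // changes only through contribute()

    function start() public {
        require(!started);
        require(totalContributed == 0); // unaffected by forced ether
        started = true;
    }

    function contribute() public payable {
        require(started);
        totalContributed += msg.value;
    }

    // Ether held beyond the tracked amount (e.g. forced in by selfdestruct).
    function untrackedBalance() public view returns (uint) {
        return this.balance - totalContributed;
    }
}
```

A non-zero untrackedBalance() is a useful monitoring signal: it shows that ether reached the contract outside its payable functions.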