Skip to content

silverologist/selfdestruct-attack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.github/workflows
.github/workflows
 
 
lib
lib
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 
foundry.toml
foundry.toml
 
 

Repository files navigation

VulnerableGame - Demonstrating a Smart Contract Exploit

This repository showcases a vulnerability in a Solidity smart contract, VulnerableGame, and demonstrates how it can be exploited using a SelfDestructExploit contract.

Overview

  • VulnerableGame: A game where players deposit 1 ether. The first player to make the contract balance reach 10 ether wins and can withdraw all funds. The game is then reset and can start over.
  • SelfDestructExploit: A malicious contract that uses selfdestruct to forcibly send ether to the VulnerableGame contract, bypassing its logic, making the game unplayable and the funds unretrievable.

Problem

The VulnerableGame contract is vulnerable because:

  1. It relies on address(this).balance for game logic.
  2. It doesn’t prevent nor handle unexpected ether transfers.

Exploit

The SelfDestructExploit contract can forcibly send ether using selfdestruct, causing:

  • The game to reach the target balance unexpectedly.
  • Potentially locking or misdirecting funds.

How to Test the Vulnerability

Prerequisites

  • Foundry
  • Solidity compiler (v0.8.x).

Steps

  1. Clone the Repository:

    git clone https://github.com/nightowlish/selfdestruct-attack.git
cd selfdestruct-attack

  2. Compile the Contracts: Use Foundry to compile the smart contracts:

    forge install
forge build

  3. Run the Exploit:

    forge test --match-test testExploit -vvv

About

Selfdestruct exploit POC

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages