1

While I was reading a guide on smart contract security (by consensys) I found this:

// INSECURE
contract Auction {
    address currentLeader;
    uint highestBid;

    function bid() payable {
        require(msg.value > highestBid);

        require(currentLeader.send(highestBid)); // Refund the old leader, if it fails then revert

        currentLeader = msg.sender;
        highestBid = msg.value;
    }
}

The vulnerability here (quoted from the guide):

When it tries to refund the old leader, it reverts if the refund fails. This means that a malicious bidder can become the leader while making sure that any refunds to their address will always fail. In this way, they can prevent anyone else from calling the bid() function, and stay the leader forever.

How can someone make all the incoming transactions(the refunds) to their address fail? In case of a contract I guess the answer is having a revert inside the fallback function. In the case of simple address how can someone do it? I am asking cause it really blew my mind since I have never heard of this before(cause it's kind of pointless i guess).

Cheers!

Improve this question

2 Answers 2

Reset to default
0

An address can also be another contract, which is executed when the Auction tries to send funds to it. That other contract can just execute an illegal instruction or use up all the gas to make the refund transaction fail.

Sending funds to account addresses cannot fail as far as I know (at least if the sender has sufficient funds).

Improve this answer
2
  • 1
    Hello, thank you for the instant reply. In case of another contract yes it's pretty easy to make sure it fails. The thing I don't get is how you can make it fail in case of a simple address(the address you use for your wallet)
    – mrNick
    Commented Mar 13, 2018 at 17:50
  • I don't think you can. The only way I can see is to make sure the call depth is at 1024 when the refund should occur, but that requires cooperation with the original sender of the transaction.
    – mafrasi2
    Commented Mar 13, 2018 at 17:52
0

Just to add a little bit more information after the correct existing answer. I don't see a way to fail a transaction to an EOA (Externally Owned Address) as long as you give enough gas.

When you send Ether to an address you don't possibly know whether it's a contract address or an EOA. Or maybe it's a brand new address and it's neither (yet).

If you send Ether to a non-used address the transaction can't fail but it stays in the address. After that someone may even create a contract which uses that address and which has a fallback revert but the Ether is already in the address so it can't be reverted. This is one of the ways to send Ether to a contract with no option to deny the Ether.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.