Code4rena (code423n4): CODE423N4:2023-05-BASE-FINDINGS-ISSUES-115
Jun 09, 2023 - 12:00 a.m.

selfdestruct(self) does not clear balance

Lines of code
<https://github.com/ethereum-optimism/optimism/blob/382d38b7d45bcbf73cb5e1e3f28cbd45d24e8a59/l2geth/core/state/statedb.go#L467>

Vulnerability details

Impact

The balance is stored in the OVM_ETH contract. The function opSuicide() increments it, Suicide() then does not change it, and at the end of the function it is decremented, so the balance ends up unchanged.

Proof of Concept

// SPDX-License-Identifier: GPL-3.0

pragma solidity >=0.7.0 <0.9.0;

// Holds Ether and self-destructs with itself as the beneficiary.
contract Test {
    constructor() payable {}
    function del() public {
        selfdestruct(payable(address(this)));
    }
}

// Triggers the self-destruct and records the balance seen right afterwards.
contract TestManager {
    address public addr;
    uint256 public bal;
    constructor(address a) {
        addr = a;
    }
    function del() public {
        Test(addr).del();
        bal = addr.balance;
    }
}

1) Run a local dev network.

2) Deploy the Test contract with some Ether.

3) Deploy TestManager with the address of the Test contract.

4) Call the del() method of the TestManager contract.

5) Observe the value of the TestManager.bal variable: it will be equal to the balance of the Test contract. In an EVM-compatible environment this should be zero.
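The sequence from the Impact section and the value observed in step 5, as a small Go model added here for illustration (not l2geth code; the `ledger` type, its methods and the 100-unit balance are hypothetical, and the final decrement is assumed to be by the original amount). It compares the OVM_ETH-backed path with an EVM-style path where Suicide zeroes the balance, and goes one step beyond the report by also running a beneficiary other than the contract itself.

```go
package main

import "fmt"

// ledger is a toy stand-in for the state DB; every name here is hypothetical.
type ledger struct {
	account map[string]uint64 // balance field of the account object
	ovmETH  map[string]uint64 // balance kept in OVM_ETH contract storage
	useOVM  bool              // true: balances are read from and written to ovmETH
}

func newLedger(useOVM bool, addr string, wei uint64) *ledger {
	l := &ledger{account: map[string]uint64{}, ovmETH: map[string]uint64{}, useOVM: useOVM}
	l.store()[addr] = wei
	return l
}

func (l *ledger) store() map[string]uint64 {
	if l.useOVM {
		return l.ovmETH
	}
	return l.account
}

func (l *ledger) Balance(a string) uint64 { return l.store()[a] }

// Suicide clears only the account object's balance field.
func (l *ledger) Suicide(a string) { l.account[a] = 0 }

// SelfDestruct follows the order of operations given in the Impact section.
func (l *ledger) SelfDestruct(self, beneficiary string) {
	amount := l.Balance(self)
	l.store()[beneficiary] += amount // opSuicide credits the beneficiary
	l.Suicide(self)                  // no effect on an OVM_ETH-backed balance
	if l.useOVM {
		l.store()[self] -= amount // decrement at the end (assumed: original amount)
	}
}

// BalanceAfter returns the destroyed contract's balance after SelfDestruct ran.
func BalanceAfter(useOVM bool, beneficiary string) uint64 {
	l := newLedger(useOVM, "test", 100) // constructed sample balance
	l.SelfDestruct("test", beneficiary)
	return l.Balance("test")
}

func main() {
	fmt.Println(BalanceAfter(false, "test"), BalanceAfter(true, "test"), BalanceAfter(true, "other"))
}
```

In this model the credit and the final decrement cancel out only when the beneficiary is the contract itself, which is the case the proof of concept exercises.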

Tools Used

Recommended Mitigation Steps

Assessed type

Error