Ethereum Smart Contract SelfDestruct, Destroys Your Contract

Posted on August 28, 2021. Categories: web security

Solidity is the language used for writing smart contracts on Ethereum, and one of its features is called SelfDestruct. It is basically a function that has existed in the Ethereum protocol since 2013. In this article we dive into SelfDestruct and the problems with it.

What does Self Destruct do?

Self Destruct is written as SelfDestruct in Solidity code. SelfDestruct can be used to dynamically update code or to delete code. A problem with SelfDestruct is that no permission is needed for someone else to use it, from an external contract, to update or delete your code. SelfDestruct also doesn't have to appear in your own code, as there are at least two other functions that an external contract can use to run it. Those functions are DelegateCall and CallCode, which are used a lot. No authentication or form of consent is needed for external contracts to modify your contract.

Someone can write a separate Ethereum smart contract in Solidity that interacts with your smart contract. The other smart contract can steal ETH, delete the contract, update the contract, or alter it. We wrote about stopping Ethereum contracts from being able to interact with your contract in our OnlyOwner article.

Some contracts need to interact with other contracts, which introduces the risk of a re-entrancy attack unless the contract is secured. Securing against a re-entrancy attack can be simple or complex, depending on how your code is written. These are just a few of the things that you want your smart contract secured against.

SelfDestruct is not the only function that can be used to modify another smart contract, but it is the one we are focusing on today. Looking back, the creator of Ethereum wouldn't have added SelfDestruct, and they're looking at a way to remove it or make it less of a threat than it is now.

Smart contracts can be written as securely as humanly possible, but based on what we discussed above, it is clear that the Ethereum blockchain is not in any form an immutable blockchain.

If you are writing a smart contract and need help, you can hire us, or contact us. You can also tweet us.

Ethereum Smart Contract Preventing Other Solidity Contracts From Hacking You

Posted on August 25, 2021. Categories: web security

An Ethereum smart contract is written in Solidity, and has many built-in security features. In this article we discuss one of them: a specific Ethereum modifier that stops people from writing another smart contract that can interact with yours.

What is an Ethereum modifier?

In layman's terms, modifiers are built-in functions you can use in your own contract. Some smart contracts need to allow other smart contracts to communicate with them; for others, that poses a great security risk. The modifier called OnlyOwner is a great security feature in Ethereum smart contracts. The name is very straightforward: only the owner of the contract should be able to make changes.

modifier onlyOwner { require(msg.sender == owner); _; }

Great, if you put this in your contract, the modifier is now available, but you need to actually use it, not just have it there. If you're writing a Solidity file called Owned, then you should have the lines

function transferOwnership(address newOwner) public onlyOwner {
        // onlyOwner runs first, so only the current owner reaches this line
        owner = newOwner;
}

and in Congress.sol, you should put

contract Congress is owned, tokenRecipient {
        /// your stuff here
}

This works great if you are following the Solidity Style guide, which is where the code snippets are from. Always follow the Solidity Style guide whenever possible.
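
The snippets above, put together as an added example that is not code from this article or from the Solidity Style guide: an Owned base contract, then the same SelfDestruct call without and with the onlyOwner modifier. The names UnguardedVault, GuardedVault, close and OwnershipTransferred are hypothetical, and the zero-address check is an assumption about what a careful owner would want.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Only owner, onlyOwner and transferOwnership come from the
// article; every other name here is hypothetical.
contract Owned {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        owner = msg.sender; // the deployer becomes the owner
    }

    modifier onlyOwner {
        require(msg.sender == owner, "caller is not the owner");
        _; // the body of the guarded function runs here
    }

    function transferOwnership(address newOwner) public onlyOwner {
        // Reject the zero address so ownership cannot be lost by mistake.
        require(newOwner != address(0), "new owner is the zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

// Weak: close() has no access control, so any account or contract can call it.
contract UnguardedVault is Owned {
    receive() external payable {}

    function close() public {
        selfdestruct(payable(msg.sender)); // balance goes to whoever calls
    }
}

// Hardened: the same function, restricted to the owner by the modifier.
contract GuardedVault is Owned {
    receive() external payable {}

    function close() public onlyOwner {
        selfdestruct(payable(owner)); // reverts unless msg.sender == owner
    }
}
```

Solidity compilers from 0.8.18 onward emit a deprecation warning for selfdestruct, so expect that warning when compiling either vault.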

Hopefully this quick review of the Ethereum smart contract modifier OnlyOwner has been helpful for you when writing your contract in Solidity. We understand this isn't always an option, which is why we have a lot more articles coming soon for you.