Preventing Smart Contract Attacks on Ethereum — “DELEGATECALL” | by Abhishek Chauhan | Feb, 2022

Let’s write a vulnerable smart contract, see how the attack works, and look at the techniques that prevent it.

Abhishek Chauhan
FibonacciLib.sol
FibonacciBalance.sol

Exploit

This contract allows a participant to withdraw ether from the contract, with the amount of ether being equal to the Fibonacci number corresponding to the participant’s withdrawal order; that is, the 1st participant gets 1 ether, the 2nd also gets 1, the 3rd gets 2, the 4th gets 3, the 5th gets 5, and so on until the balance of the contract is less than the Fibonacci number being withdrawn.

Attack.sol

Preventive Measure

Solidity provides the library keyword for implementing library contracts. This ensures the library contract is stateless and non-self-destructible.
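
The contrast described above, as an added example that is not the article's own code: a stateful contract used as a "library" next to one declared with the library keyword. The names FibLibUnsafe, FibMath and FibonacciPayout are hypothetical, and Solidity 0.8 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// WEAK: an ordinary contract used as a "library". It declares storage, so when
// a caller runs it with delegatecall, its writes to slot 0 and slot 1 land in
// whatever the caller keeps in its own slot 0 and slot 1.
contract FibLibUnsafe {                    // hypothetical name
    uint256 public start;                  // slot 0
    uint256 public calculatedFibNumber;    // slot 1

    // Under delegatecall these two writes hit the caller's slots 0 and 1.
    function setStart(uint256 _start) public { start = _start; }
    function setFibonacci(uint256 n) public { calculatedFibNumber = fib(n); }

    function fib(uint256 n) internal view returns (uint256) {
        if (n == 0) return start;
        if (n == 1) return start + 1;
        return fib(n - 1) + fib(n - 2);
    }
}

// HARDENED: the `library` keyword. The compiler rejects state variables here,
// and fib() is pure: it returns the value instead of writing storage.
library FibMath {                          // hypothetical name
    function fib(uint256 n) internal pure returns (uint256) {
        uint256 a = 0;
        uint256 b = 1;
        for (uint256 i = 0; i < n; i++) {
            (a, b) = (b, a + b);
        }
        return a;                          // fib(1)=1, fib(2)=1, fib(3)=2, ...
    }
}

contract FibonacciPayout {                 // hypothetical name
    uint256 public withdrawalCounter;

    constructor() payable {}

    // Internal library calls are compiled into this contract: no delegatecall,
    // no library address in storage, no fallback forwarding msg.data.
    function withdraw() external {
        withdrawalCounter += 1;            // state updated before the transfer
        uint256 amount = FibMath.fib(withdrawalCounter) * 1 ether;
        require(address(this).balance >= amount, "balance too low");
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```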

Real-world hack example: Parity Multisig Wallet (2nd Hack)

Library Contract:

WalletLibrary.sol
Wallet.sol
