King of the Ether Hack

ID | Submit date | Publish date | Author | Score
1 | 10.25.2018 | 10.25.2018 | Major Tom | 10.0

Description

The King of the Ether Throne (KotET) contract behaved correctly in all cases except when it sent a payment to a "contract account" such as an Ethereum Mist "contract-based wallet". When the KotET contract sent a payment to a "contract account", it inadvertently included only a small amount of gas with the payment: 2300 gas. This was not enough gas for an Ethereum Mist "contract-based wallet" contract to successfully process a payment, so the wallet contract failed. When a wallet contract failed to process the payment sent to it by the KotET contract, the ether paid was returned to the KotET contract. The KotET contract was not aware that the payment had failed and continued processing, making the caller King even though the compensation payment had not been sent to the previous monarch.

The specific line of Solidity code used to send payments was:

currentMonarch.etherAddress.send(compensation);

Vector: BVSS:1.1/B:L/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:H
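The unchecked-send pattern described above next to a pull-payment fix, as an added example that is not the KotET contract's own code. The contract names, `pendingCompensation`, `withdrawCompensation` and the simplified claim logic are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// BEFORE: the unchecked-send shape from the description (hypothetical names).
contract ThroneUnchecked {
    address payable public monarch;

    function claimThrone() external payable {
        uint256 compensation = msg.value; // assumption: whole claim goes to the old monarch
        if (monarch != address(0)) {
            // send() forwards only the 2300 gas stipend and returns false on
            // failure. The result is dropped, so execution carries on and the
            // ether stays in this contract.
            monarch.send(compensation);
        }
        monarch = payable(msg.sender);
    }
}

// AFTER: record the debt and let the previous monarch withdraw it.
// Merely wrapping send() in require() would detect the failure, but every
// claim would then revert while the monarch is a wallet needing more gas.
contract ThronePull {
    address payable public monarch;
    mapping(address => uint256) public pendingCompensation;

    function claimThrone() external payable {
        if (monarch != address(0)) {
            pendingCompensation[monarch] += msg.value;
        }
        monarch = payable(msg.sender);
    }

    function withdrawCompensation() external {
        uint256 amount = pendingCompensation[msg.sender];
        require(amount > 0, "nothing owed");
        pendingCompensation[msg.sender] = 0; // clear before the external call
        // call forwards the remaining gas, enough for a wallet's receive logic
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "withdrawal failed"); // revert also restores the entry
    }
}
```

The compiler emits a warning for the ignored `send()` result in `ThroneUnchecked`; treating that warning as a build failure catches this class of bug before deployment.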

Component

Smart contract

Platform

Ethereum

Subclass

Unchecked-send

Original source

https://www.kingoftheether.com/postmortem.html