Security – Can a Smart Contract Steal ETH?

contract-designinternal-transactionsSecuritytransactionswallet-transfer

I know that handing out your private key is like handing over your wallet and say "help yourself", but…

if I had register my public ETH address on some unknown smart contract (like sending a "transaction data" with MetaMask using 0 ETH), is it possible for the smart contract to withdraw/transfer ETH or any tokens from my wallet like a bank's debit order?

Best Answer

If you don't send any ether to a contract, it can't take any ether directly from you.

Tokens are another story. Those are just balances maintained in a smart contract. Most token transfers involve 0 ETH. Certainly sending a transaction to a token contract could result in those tokens being transferred, but even sending a transaction to a different contract could result in moved tokens. (A common case of this is ERC20 tokens' approve/transferFrom flow.)

Related Solutions

[Ethereum] Including transactions fees when sending out ETH from a smart contract

According to the solidity docs, I don't think your first request is possible. In fact, the docs recommend switching to a withdraw scheme:

Warning: There are some dangers in using send: The transfer fails if the call stack depth is at 1024 (this can
always be forced by the caller) and it also fails if the recipient runs out of gas. So in order to make safe Ether
transfers, always check the return value of send or even better: Use a pattern where the recipient withdraws the
money.

After switching to a withdrawal pattern, you can simply use web3.eth.estimateGas().

[Ethereum] Loading smart contract x with tokens; sending eth to smart contract x; receiving tokens for that eth

If you try to run the smart contract on this website Crowdsale In this process you have to build the erc20 token in 1st step and then 2nd step crowdsale , transafer some coins to this crowdsale contract.Anyone send the eth to this crowdsale contract will get the tokens.

Best Answer

Related Solutions

[Ethereum] Including transactions fees when sending out ETH from a smart contract

[Ethereum] Loading smart contract x with tokens; sending eth to smart contract x; receiving tokens for that eth

Related Topic