In certain circumstances, contracts can be forced to receive ether without triggering any code. This should be considered by the contract developers in order to avoid breaking important invariants in their code.
An attacker can use a specially crafted contract to forcefully send ether using `suicide` / `selfdestruct`:
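```solidity
contract Sender {
    // Destroys this contract and sends its whole balance (including msg.value)
    // to `target` without running any code at `target`.
    function receive_and_suicide(address target) payable {
        suicide(target);
    }
}
```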
Alternatively, if a miner sets some contract as the block's coinbase, then its ether balance will be increased without executing any `fallback()` or `receive()` code that might be present.
- The MyAdvancedToken contract in coin.sol is vulnerable to this attack. The owner will not be able to perform a migration of the contract if it receives ether outside of a call to `buy()`.
There is no way to completely block the reception of ether. The only mitigation is to avoid assuming how the balance of the contract increases and to implement checks that handle this type of edge case.
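The mitigation above, shown as a fragile balance check beside a hardened one. This is an added example, not code from coin.sol or the original page; the contract and function names are hypothetical and Solidity 0.8 syntax is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contracts, constructed for illustration only.

// Fragile: the migration check assumes every wei arrived through buy().
contract FragileSale {
    address public owner = msg.sender;
    uint256 public totalSold;

    function buy() external payable {
        totalSold += msg.value;
    }

    function migrate(address payable successor) external {
        require(msg.sender == owner, "not owner");
        // A single forced wei makes this strict equality fail permanently.
        require(address(this).balance == totalSold, "balance mismatch");
        totalSold = 0;
        (bool ok, ) = successor.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

// Hardened: internal accounting is the source of truth. The real balance
// only has to cover it, so forced ether cannot block migration.
contract HardenedSale {
    address public owner = msg.sender;
    uint256 public totalSold;

    function buy() external payable {
        totalSold += msg.value;
    }

    function migrate(address payable successor) external {
        require(msg.sender == owner, "not owner");
        require(address(this).balance >= totalSold, "underfunded");
        uint256 amount = totalSold;
        totalSold = 0; // update state before the external call
        (bool ok, ) = successor.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Ether that arrived outside buy(), e.g. via selfdestruct or coinbase.
    function surplus() external view returns (uint256) {
        return address(this).balance - totalSold;
    }
}
```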