Closed sunbeomso closed 4 years ago
Hi,
This is not a false positive because, as you point out, the Test contract can receive ether via selfdestruct.
During fuzzing, we sometimes set a contract's balance to positive and check if it can leak ethers. The consideration here is that a contract can always receive ether via payable functions (if any) or selfdestruct.
If you don't want to set the balance of a contract without payable functions to positive, simply comment out these lines.
Best, Jingxuan
Thanks for the answer and for pointing out the relevant code snippet.
Hi, I have tested the following code using ILF.
As you can see, this Test contract does not have payable functions. Thus, the statement to.transfer(amount) cannot send a positive amount of value (>0) to to (except for an edge case where another contract that has some Ethers is killed and sends money to Test via the selfdestruct instruction).
However, ILF says that this contract has a leaking vulnerability. Could you explain why ILF flags this contract as a vulnerable one?