Smart Contract / Unprotected Ether Withdrawal

Description

Unprotected Ether Withdrawal (UEW) is a type of smart contract vulnerability that can be exploited by malicious actors to steal cryptocurrencies from vulnerable contracts, such as Simple Wallet Contracts (SWC). UEW occurs when a smart contract allows ether to be withdrawn without any restrictions or checks for authorization. This type of vulnerability, categorized as CWE-836, is described in the CWE directory as "a contract that does not properly restrict the amount of Ether that can be withdrawn from it".

Risk

UEW poses a significant risk to the security of smart contracts and users’ funds, as malicious actors can exploit the vulnerability to steal cryptocurrencies. Without proper authorization checks, a malicious actor can call a contract’s withdraw function and siphon off funds. The risk of UEW increases with the amount of ether held in the vulnerable contract.

Solution

The best way to mitigate UEW is to implement authorization checks and limits for the amount of ether that can be withdrawn from a contract. For example, a contract can be set up to require a specific address or transaction hash to authenticate the withdrawal request and to limit the amount of ether that can be withdrawn in a single transaction.

Example

The following code example, taken from a CVE report, demonstrates the UEW vulnerability in a vulnerable Simple Wallet Contract (SWC).

pragma solidity >=0.5.0;

contract SimpleWallet {
    mapping(address => uint256) public balances;

    constructor() public {
        balances[msg.sender] = 1 ether;
    }

    function withdraw() public {
        msg.sender.transfer(balances[msg.sender]);
        balances[msg.sender] = 0;
    }
}

In the above contract, anyone can call the withdraw function and siphon off all ether held in the contract without any authorization checks.