0

All contracts have addresses. Is it, in theory, possible to find the private key of this address and then get access to this contract? Questions if this is possible:

  1. If one gets access to the contract, can they send transactions from this contract? Or even drain the balance of the contract?
  2. What if someone gets access to this contract address before creating the contract itself? This would mean TX already exist in this contract before it is created. Does that have any consequence?

This sounds like a very interesting attack vector to me. Imagine someone creating a contract which attracts a lot of ether. The code in the contract states that the owner cannot drain ether. However, the owner has the private key of this contract and suddenly sends a transaction draining all the ether.

It is claimed that 'contracts have no private key'. But I can create a private key which gives me the same address as the contract. What if I call extcodesize in another contract on msg.sender? What if I send a transaction from the contract and one from the EOA? The creation of a contract should create code in an address and hence extcodesize changes from 0 to nonzero when a contract is created, hence both calls from EOA and contract come from the same source and extcodesize returns nonzero. Hence contracts have private keys.

JBrouwer
  • 1,062
  • 8
  • 19
  • There are not private keys for the contract. you own the contract only if you wrote code allowing you to take control of it. – Jaime Mar 29 '18 at 16:29
  • If I have the private key which results into the contract address, then what? – JBrouwer Mar 29 '18 at 17:05
  • contracts do not have and do not generate private keys at any point. You seem to be confusing externally owned accounts with contract accounts. See this for more information https://ethereum.stackexchange.com/questions/29683/does-a-smart-contract-have-a-private-key – Jaime Mar 29 '18 at 17:28
  • I understand wat EOA's and contracts are. I'll keep pushing my question. Let's say I send a transaction from a contract and from an EOA with the SAME address. Now a contract calls extcodesize (see https://ethereum.stackexchange.com/questions/44127/modifier-for-no-contract-calls) on the address. What will it return? Are you telling me it can return zero and nonzero for the same address? – JBrouwer Mar 29 '18 at 18:44
  • Thanks for the link, I find it educative. What do you mean by SAME address, the EOA, and the contract have the same address? I do not think this is possible. But this is going to other topics. Your question ask (1) about the private key of the contract and there is no such thing and (2) If an address is already assigned to an EOA then that address will not be assigned to a contract. And again, and EOA and a contract can not have the same address so the scenario that you present is not possible. If I am wrong, please let me know. Thanks for the discussion. – Jaime Mar 29 '18 at 19:47
  • Do you have any sources on this? Because this creates bugs into the system - if you create a transaction creating a contract (where your address + nonce determine the contract address if I am right) and this address already is taken by an EOA, this should then be reverted. I find that very strange. Questions: 1) source on contracts have no private key (the duplicate question says elsewise!) and 2) address cannot be EOA and contract at same time - source? Thanks! – JBrouwer Mar 29 '18 at 21:52
  • You are right that the new contract address is the hash of the sender address + nonce https://ethereum.stackexchange.com/questions/760/how-is-the-address-of-an-ethereum-contract-computed/761#761 . The nonce is the number of transactions the sender has done. notice the to deploy a contract and get for it the same dress you have is impossible under this scheme. However if the contract is deployed by someone else there is a chance that you will get the same address of an existing account, but this is the same with EOAs and contracts but the probability is 1 on 2^160. – Jaime Mar 30 '18 at 07:08
  • https://ethereum.stackexchange.com/questions/4299/account-uniqueness-guaranteed here info about the account uniqueness. – Jaime Mar 30 '18 at 07:10
  • Let us continue this discussion in chat. – Jaime Mar 30 '18 at 07:10

0 Answers0