
Solidity Attack Vector #12: Force Feeding

SecurityInfinity Research · 5 min read

Force feeding occurs when an attacker sends Ether to a contract to deliberately alter its state in a way that the contract's code does not account for.

Scenario

A contract might use its balance to decide whether a user can withdraw or not. By injecting extra ETH, the attacker can block withdrawals for everyone or bypass security checks.

Defense

Don't rely on address(this).balance. Use an internal state variable to track the 'real' funds belonging to the protocol.
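
The sketch below is an added example, not code from the original post. It puts a refund gate that reads address(this).balance next to one that reads an internal counter. The contract names, the GOAL constant and untrackedBalance() are hypothetical, and the refund-until-goal rule is an assumed scenario.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// BEFORE: the gate reads the raw balance, which anyone can raise.
contract VaultBalanceCheck {
    uint256 public constant GOAL = 10 ether; // assumed threshold
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
    }

    // Refunds are meant to stay open until depositors reach GOAL.
    function refund() external {
        // address(this).balance also counts ETH that never passed
        // through deposit(), so the gate can close for everyone.
        require(address(this).balance < GOAL, "goal reached");
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// AFTER: the gate reads a counter that only this contract's code updates.
contract VaultTrackedFunds {
    uint256 public constant GOAL = 10 ether; // assumed threshold
    uint256 public totalDeposited;           // the protocol's 'real' funds
    mapping(address => uint256) public deposits;

    function deposit() external payable {
        deposits[msg.sender] += msg.value;
        totalDeposited += msg.value;
    }

    function refund() external {
        require(totalDeposited < GOAL, "goal reached");
        uint256 amount = deposits[msg.sender];
        deposits[msg.sender] = 0;
        totalDeposited -= amount; // state updated before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // ETH held but never deposited; nonzero means the balance was force-fed.
    function untrackedBalance() external view returns (uint256) {
        return address(this).balance - totalDeposited;
    }
}
```

Monitoring untrackedBalance() off-chain gives a direct signal that ETH has arrived outside deposit(), without letting that ETH influence contract logic.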
