Skip to main content

When to Use This Pattern

Prevents rapid ETH draining by limiting sudden large withdrawals, giving protocols time to respond to potential exploits. Critical for DeFi lending platforms using ETH as collateral, cross-chain bridges with large ETH reserves, DAOs and protocol treasuries, staking protocols managing ETH deposits, yield aggregators holding ETH, and centralized exchanges. Malicious actors often attempt to extract all available ETH in a single transaction after discovering exploits, leading to catastrophic fund loss.
Real-world example: In February 2025, Bybit suffered one of the largest hacks in crypto history, losing approximately $1.4 billion USD when attackers compromised Safe Wallet’s UI and changed the implementation address of their proxy contract. This allowed the attackers to drain all assets without requiring additional approvals from the original owners. ETH drain assertions, especially with whitelist functionality, could have prevented or significantly limited the impact of this attack. See the Bybit Safe UI attack for more details.

What This Pattern Checks

Implements tiered protection strategy to detect rapid ETH draining:
  • _preTx() / _postTx() with Reshiram snapshot reads: Capture contract’s ETH balance and whitelist balances before/after transaction
  • registerTxEndTrigger(): Trigger when ETH balances change
  • For small withdrawals (below threshold): Allow regardless of destination
  • For large withdrawals (above threshold): Require destination to be whitelisted address
  • If no whitelist defined, block all large withdrawals as safety measure
The tiered approach ensures normal operations with small withdrawals continue uninterrupted while restricting large withdrawals to trusted addresses. For more information about cheatcodes, see the Cheatcodes Documentation.

Assertion Pattern

Full examples and mock protocol code are available in credible-std.