diff options
author | chriseth <chris@ethereum.org> | 2018-04-17 18:19:22 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-17 18:19:22 +0800 |
commit | 2be2988817a31fd705a60bbb595798952f84b20a (patch) | |
tree | 2ed54adf9d725386e70cd7f8d56074bf970e0ddd | |
parent | d1e8acaf1aba00b95e108451b798fa9aa9928386 (diff) | |
parent | 3710fb59f005073ea397b3d11df25f005cc663d0 (diff) | |
download | dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.tar dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.tar.gz dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.tar.bz2 dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.tar.lz dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.tar.xz dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.tar.zst dexon-solidity-2be2988817a31fd705a60bbb595798952f84b20a.zip |
Merge pull request #3906 from ethereum/updateSecuryt
Update security considerations.
-rw-r--r-- | docs/security-considerations.rst | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst index 49fd7ea4..3e1c3a12 100644 --- a/docs/security-considerations.rst +++ b/docs/security-considerations.rst @@ -225,9 +225,6 @@ Minor Details ============= - In ``for (var i = 0; i < arrayName.length; i++) { ... }``, the type of ``i`` will be ``uint8``, because this is the smallest type that is required to hold the value ``0``. If the array has more than 255 elements, the loop will not terminate. -- The ``constant`` keyword for functions is currently not enforced by the compiler. - Furthermore, it is not enforced by the EVM, so a contract function that "claims" - to be constant might still cause changes to the state. - Types that do not occupy the full 32 bytes might contain "dirty higher order bits". This is especially important if you access ``msg.data`` - it poses a malleability risk: You can craft transactions that call a function ``f(uint8 x)`` with a raw byte argument @@ -239,6 +236,22 @@ Minor Details Recommendations *************** +Take Warnings Seriously +======================= + +If the compiler warns you about something, you should better change it. +Even if you do not think that this particular warning has security +implications, there might be another issue buried beneath it. +Any compiler warning we issue can be silenced by slight changes to the +code. + +Also try to enable the "0.5.0" safety features as early as possible +by adding ``pragma experimental "v0.5.0";``. Note that in this case, +the word ``experimental`` does not mean that the safety features are in any +way risky, it is just a way to enable some features that are +not yet part of the latest version of Solidity due to backwards +compatibility. + Restrict the Amount of Ether ============================ |