aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Beregszaszi <alex@rtfs.hu>2017-12-12 12:22:45 +0800
committerGitHub <noreply@github.com>2017-12-12 12:22:45 +0800
commit40e871692618d26dd325c2a71ef3ba4f9bfe186e (patch)
tree36bae87cc7a51f4be9daf0d4471c2524cbc1c70d
parent55a681dcad718517815b7241a083871d2c5033a1 (diff)
parent37b06884b26ec55fcc9bad2d6744b09dcf568006 (diff)
downloaddexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.tar
dexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.tar.gz
dexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.tar.bz2
dexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.tar.lz
dexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.tar.xz
dexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.tar.zst
dexon-solidity-40e871692618d26dd325c2a71ef3ba4f9bfe186e.zip
Merge pull request #3197 from medvedev1088/fix-security-considerations-example
Add another example with call to demonstrate Re-Entrancy
-rw-r--r--docs/security-considerations.rst23
1 files changed, 20 insertions, 3 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst
index 337a3d3f..1e2138fa 100644
--- a/docs/security-considerations.rst
+++ b/docs/security-considerations.rst
@@ -69,10 +69,27 @@ complete contract):
}
The problem is not too serious here because of the limited gas as part
-of ``send``, but it still exposes a weakness: Ether transfer always
-includes code execution, so the recipient could be a contract that calls
+of ``send``, but it still exposes a weakness: Ether transfer can always
+include code execution, so the recipient could be a contract that calls
back into ``withdraw``. This would let it get multiple refunds and
-basically retrieve all the Ether in the contract.
+basically retrieve all the Ether in the contract. In particular, the
+following contract will allow an attacker to refund multiple times
+as it uses ``call`` which forwards all remaining gas by default:
+
+::
+
+ pragma solidity ^0.4.0;
+
+ // THIS CONTRACT CONTAINS A BUG - DO NOT USE
+ contract Fund {
+ /// Mapping of ether shares of the contract.
+ mapping(address => uint) shares;
+ /// Withdraw your share.
+ function withdraw() {
+ if (msg.sender.call.value(shares[msg.sender])())
+ shares[msg.sender] = 0;
+ }
+ }
To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as
outlined further below: