author: chriseth <c@ethdev.com> 2016-06-28 23:29:08 +0800
committer: chriseth <c@ethdev.com> 2016-07-04 21:27:53 +0800
commit: 2df142c49618138ba7f38f32a76022caecc68abb (patch)
tree: 0d67461efc8993c9eeca5573b46f6ff6c5055d94 /docs/control-structures.rst
parent: 48238c9f1452b1326851af053c782734d0f67101 (diff)
Security Considerations
Diffstat (limited to 'docs/control-structures.rst')
-rw-r--r-- docs/control-structures.rst 12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/control-structures.rst b/docs/control-structures.rst
index 2f867cb0..6d615caf 100644
--- a/docs/control-structures.rst
+++ b/docs/control-structures.rst
@@ -69,6 +69,18 @@ this does not execute a constructor. We could also have used ``function setFeed(
only (locally) sets the value and amount of gas sent with the function call and only the
parentheses at the end perform the actual call.
+.. warning::
+ Any interaction with another contract imposes a certain danger, especially
+ if the source code of the contract is not known in advance. The current
+ contract hands over control to the called contract and that might do
+ just about anything. Be prepared that it calls into other contracts of
+ your system and perhaps even back into the calling contract before your
+ call returns. This means
+ that the called contract can change state variables of the calling contract
+ via its functions. Write your functions in a way that e.g. calls to
+ external functions happen after any changes to state variables in your contract,
+ so your contract is not vulnerable to a recursive call exploit.
+
Named Calls and Anonymous Function Parameters
---------------------------------------------
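Review bot: The closing sentence of the new warning ("calls to external functions happen after any changes to state variables in your contract") gives the mitigation only in the abstract, so a reader who has never seen a recursive call exploit cannot tell which ordering is safe. Suggest following the warning with a short example or a cross-reference that shows a state update (for instance clearing a balance) placed before the external call, and naming the issue "re-entrancy" alongside "recursive call exploit" so it is searchable. Two wording points in the same block: "This means" is stranded on a short line by the early wrap and the paragraph should be rewrapped, and "Be prepared that it calls into other contracts" reads more clearly as "Expect that it may call into other contracts".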