diff options
author | chriseth <c@ethdev.com> | 2016-06-28 23:29:08 +0800 |
---|---|---|
committer | chriseth <c@ethdev.com> | 2016-07-04 21:27:53 +0800 |
commit | 2df142c49618138ba7f38f32a76022caecc68abb (patch) | |
tree | 0d67461efc8993c9eeca5573b46f6ff6c5055d94 /docs/control-structures.rst | |
parent | 48238c9f1452b1326851af053c782734d0f67101 (diff) | |
download | dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.tar dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.tar.gz dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.tar.bz2 dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.tar.lz dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.tar.xz dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.tar.zst dexon-solidity-2df142c49618138ba7f38f32a76022caecc68abb.zip |
Security Considerations
Diffstat (limited to 'docs/control-structures.rst')
-rw-r--r-- | docs/control-structures.rst | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/control-structures.rst b/docs/control-structures.rst index 2f867cb0..6d615caf 100644 --- a/docs/control-structures.rst +++ b/docs/control-structures.rst @@ -69,6 +69,18 @@ this does not execute a constructor. We could also have used ``function setFeed( only (locally) sets the value and amount of gas sent with the function call and only the parentheses at the end perform the actual call. +.. warning:: + Any interaction with another contract imposes a certain danger, especially + if the source code of the contract is not known in advance. The current + contract hands over control to the called contract and that might do + just about anything. Be prepared that it calls into other contracts of + your system and perhaps even back into the calling contract before your + call returns. This means + that the called contract can change state variables of the calling contract + via its functions. Write your functions in a way that e.g. calls to + external functions happen after any changes to state variables in your contract, + so your contract is not vulnerable to a recursive call exploit. + Named Calls and Anonymous Function Parameters --------------------------------------------- |