diff options
| author | Alex Beregszaszi <alex@rtfs.hu> | 2017-10-29 21:28:42 +0800 |
|---|---|---|
| committer | Alex Beregszaszi <alex@rtfs.hu> | 2017-11-22 12:08:35 +0800 |
| commit | 23379e10614cccf9126fca09781a1d2dcdfede90 (patch) | |
| tree | 089c555949ed76eea06e611e8a9eebc638e248e9 /docs/security-considerations.rst | |
| parent | b7fb1bc0a6e7311bf09118c228ba8d93dc944328 (diff) | |
| download | dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.tar dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.tar.gz dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.tar.bz2 dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.tar.lz dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.tar.xz dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.tar.zst dexon-solidity-23379e10614cccf9126fca09781a1d2dcdfede90.zip | |
Ensure each code snippet in the docs can be extracted for tests
Diffstat (limited to 'docs/security-considerations.rst')
| -rw-r--r-- | docs/security-considerations.rst | 50 |
1 files changed, 26 insertions, 24 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst index 6586cb5f..337a3d3f 100644 --- a/docs/security-considerations.rst +++ b/docs/security-considerations.rst @@ -55,18 +55,18 @@ complete contract): :: - pragma solidity ^0.4.0; - - // THIS CONTRACT CONTAINS A BUG - DO NOT USE - contract Fund { - /// Mapping of ether shares of the contract. - mapping(address => uint) shares; - /// Withdraw your share. - function withdraw() { - if (msg.sender.send(shares[msg.sender])) - shares[msg.sender] = 0; - } - } + pragma solidity ^0.4.0; + + // THIS CONTRACT CONTAINS A BUG - DO NOT USE + contract Fund { + /// Mapping of ether shares of the contract. + mapping(address => uint) shares; + /// Withdraw your share. + function withdraw() { + if (msg.sender.send(shares[msg.sender])) + shares[msg.sender] = 0; + } + } The problem is not too serious here because of the limited gas as part of ``send``, but it still exposes a weakness: Ether transfer always @@ -79,18 +79,18 @@ outlined further below: :: - pragma solidity ^0.4.11; + pragma solidity ^0.4.11; - contract Fund { - /// Mapping of ether shares of the contract. - mapping(address => uint) shares; - /// Withdraw your share. - function withdraw() { - var share = shares[msg.sender]; - shares[msg.sender] = 0; - msg.sender.transfer(share); - } - } + contract Fund { + /// Mapping of ether shares of the contract. + mapping(address => uint) shares; + /// Withdraw your share. + function withdraw() { + var share = shares[msg.sender]; + shares[msg.sender] = 0; + msg.sender.transfer(share); + } + } Note that re-entrancy is not only an effect of Ether transfer but of any function call on another contract. Furthermore, you also have to take @@ -179,7 +179,9 @@ Never use tx.origin for authorization. Let's say you have a wallet contract like } } -Now someone tricks you into sending ether to the address of this attack wallet:: +Now someone tricks you into sending ether to the address of this attack wallet: + +:: pragma solidity ^0.4.11; |