Update documentation to version 0.4.0.

author: chriseth <c@ethdev.com> 2016-09-05 22:29:08 +0800
committer: chriseth <c@ethdev.com> 2016-09-07 01:11:41 +0800
commit: 4f5a95d569408e6a0a94c54b1eb39ea62b873c5e (patch)
tree: e0624ae19d837fb8e2acf9f828c4464e9e788c60 /docs/security-considerations.rst
parent: fbe0edb32c973166efbd5c0ac556f37fd38584d6 (diff)
download: dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar
dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.gz
dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.bz2
dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.lz
dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.xz
dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.zst
dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.zip
1 files changed, 9 insertions, 3 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst
index 8800487c..4ada8545 100644
--- a/docs/security-considerations.rst
+++ b/docs/security-considerations.rst
@@ -51,7 +51,7 @@ complete contract):
 
 ::
 
-    pragma solidity ^0.4.0;
+  pragma solidity ^0.4.0;
 
   // THIS CONTRACT CONTAINS A BUG - DO NOT USE
   contract Fund {
@@ -75,7 +75,7 @@ outlined further below:
 
 ::
 
-    pragma solidity ^0.4.0;
+  pragma solidity ^0.4.0;
 
   contract Fund {
       /// Mapping of ether shares of the contract.
@@ -134,6 +134,11 @@ Sending and Receiving Ether
      means for the recipient to block progress in the sending contract. Again, the best practice here is to use
      a :ref:`"withdraw" pattern instead of a "send" pattern <withdrawal_pattern>`.
 
+- Contracts currently cannot prevent that someone sends them Ether.
+  They can react on and reject a regular transfer, but there are ways
+  to move Ether without creating a message call. One way is to simply "mine to"
+  the contract address and the second way is using ``selfdestruct(x)``. 
+
 Callstack Depth
 ===============
 
@@ -155,6 +160,7 @@ Never use tx.origin for authorization. Let's say you have a wallet contract like
 
     pragma solidity ^0.4.0;
 
+    // THIS CONTRACT CONTAINS A BUG - DO NOT USE
     contract TxUserWallet {
         address owner;
 
@@ -186,7 +192,7 @@ Now someone tricks you into sending ether to the address of this attack wallet:
         }
     }
 
-If your wallet had checked msg.sender for authorization, it would get the address of the attack wallet, instead of the owner address. But by checking tx.origin, it gets the original address that kicked off the transaction, which is still the owner address. The attack wallet instantly drains all your funds.
+If your wallet had checked ``msg.sender`` for authorization, it would get the address of the attack wallet, instead of the owner address. But by checking tx.origin, it gets the original address that kicked off the transaction, which is still the owner address. The attack wallet instantly drains all your funds.
 
 
 Minor Details
author	chriseth <c@ethdev.com>	2016-09-05 22:29:08 +0800
committer	chriseth <c@ethdev.com>	2016-09-07 01:11:41 +0800
commit	4f5a95d569408e6a0a94c54b1eb39ea62b873c5e (patch)
tree	e0624ae19d837fb8e2acf9f828c4464e9e788c60 /docs/security-considerations.rst
parent	fbe0edb32c973166efbd5c0ac556f37fd38584d6 (diff)
download	dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.gz dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.bz2 dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.lz dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.xz dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.tar.zst dexon-solidity-4f5a95d569408e6a0a94c54b1eb39ea62b873c5e.zip