aboutsummaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorAlex Beregszaszi <alex@rtfs.hu>2017-12-12 11:31:30 +0800
committerAlex Beregszaszi <alex@rtfs.hu>2017-12-12 11:31:30 +0800
commit37b06884b26ec55fcc9bad2d6744b09dcf568006 (patch)
treec2fa840d5ce4ab1bd1f82782236d908b85e969bf /docs
parent2f6f81640bca9fb358db12b088ff82f9b4f132bd (diff)
downloaddexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar
dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.gz
dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.bz2
dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.lz
dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.xz
dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.zst
dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.zip
Correct that ether transfers _can_ always include code execution in re-entrancy example
Diffstat (limited to 'docs')
-rw-r--r--docs/security-considerations.rst4
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst
index 197e80e5..1e2138fa 100644
--- a/docs/security-considerations.rst
+++ b/docs/security-considerations.rst
@@ -69,8 +69,8 @@ complete contract):
}
The problem is not too serious here because of the limited gas as part
-of ``send``, but it still exposes a weakness: Ether transfer always
-includes code execution, so the recipient could be a contract that calls
+of ``send``, but it still exposes a weakness: Ether transfer can always
+include code execution, so the recipient could be a contract that calls
back into ``withdraw``. This would let it get multiple refunds and
basically retrieve all the Ether in the contract. In particular, the
following contract will allow an attacker to refund multiple times