diff options
| author | Alex Beregszaszi <alex@rtfs.hu> | 2017-12-12 11:31:30 +0800 |
|---|---|---|
| committer | Alex Beregszaszi <alex@rtfs.hu> | 2017-12-12 11:31:30 +0800 |
| commit | 37b06884b26ec55fcc9bad2d6744b09dcf568006 (patch) | |
| tree | c2fa840d5ce4ab1bd1f82782236d908b85e969bf /docs | |
| parent | 2f6f81640bca9fb358db12b088ff82f9b4f132bd (diff) | |
| download | dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.gz dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.bz2 dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.lz dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.xz dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.tar.zst dexon-solidity-37b06884b26ec55fcc9bad2d6744b09dcf568006.zip | |
Correct that ether transfers _can_ always include code execution in re-entrancy example
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/security-considerations.rst | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst index 197e80e5..1e2138fa 100644 --- a/docs/security-considerations.rst +++ b/docs/security-considerations.rst @@ -69,8 +69,8 @@ complete contract): } The problem is not too serious here because of the limited gas as part -of ``send``, but it still exposes a weakness: Ether transfer always -includes code execution, so the recipient could be a contract that calls +of ``send``, but it still exposes a weakness: Ether transfer can always +include code execution, so the recipient could be a contract that calls back into ``withdraw``. This would let it get multiple refunds and basically retrieve all the Ether in the contract. In particular, the following contract will allow an attacker to refund multiple times |