aboutsummaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorDenton Liu <liu.denton+github@gmail.com>2016-08-11 22:45:47 +0800
committerDenton Liu <liu.denton+github@gmail.com>2016-08-11 22:45:47 +0800
commit058e5f0159dcad3e7349b2ab9873396fcc5894e5 (patch)
treeaed06699391c30036ac2fe61e9572d27293c6957 /docs
parent4737100d005e99be5b45691d304e5efe1457d3df (diff)
downloaddexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.tar
dexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.tar.gz
dexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.tar.bz2
dexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.tar.lz
dexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.tar.xz
dexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.tar.zst
dexon-solidity-058e5f0159dcad3e7349b2ab9873396fcc5894e5.zip
Update contracts and descriptions
Diffstat (limited to 'docs')
-rw-r--r--docs/common-patterns.rst17
1 files changed, 13 insertions, 4 deletions
diff --git a/docs/common-patterns.rst b/docs/common-patterns.rst
index 8bf9e3c0..eb4e14f0 100644
--- a/docs/common-patterns.rst
+++ b/docs/common-patterns.rst
@@ -40,9 +40,9 @@ become the richest.
function becomeRichest() returns (bool) {
if (msg.value > mostSent) {
+ pending[richest] = msg.value;
richest = msg.sender;
mostSent = msg.value;
- pending[richest] = msg.value;
return true;
}
else {
@@ -76,9 +76,14 @@ This is as opposed to the more intuitive sending pattern.
function becomeRichest() returns (bool) {
if (msg.value > mostSent) {
+ // Check if call succeeds to prevent an attacker
+ // from trapping the previous person's funds in
+ // this contract through a callstack attack
+ if (!richest.send(msg.value)) {
+ throw;
+ }
richest = msg.sender;
mostSent = msg.value;
- richest.send(msg.value);
return true;
}
else {
@@ -88,8 +93,12 @@ This is as opposed to the more intuitive sending pattern.
}
Notice that, in this example, an attacker could trap the
-previous richest person's funds in the contract by causing
-the execution of `send` to fail through a callstack attack.
+contract into an unusable state by causing the ``richest``
+to be a contract that has a fallback function which consumes
+more than the 2300 gas stipend. That way, whenever ``send``
+is called to deliver funds to the "poisoned" contract, it
+will cause execution to always fail because there is not
+enough gas to finish the execution of the fallback function.
.. index:: access;restricting