-rw-r--r-- | docs/common-patterns.rst | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/docs/common-patterns.rst b/docs/common-patterns.rst index 8bf9e3c0..eb4e14f0 100644 --- a/docs/common-patterns.rst +++ b/docs/common-patterns.rst @@ -40,9 +40,9 @@ become the richest. function becomeRichest() returns (bool) { if (msg.value > mostSent) { + pending[richest] = msg.value; richest = msg.sender; mostSent = msg.value; - pending[richest] = msg.value; return true; } else { @@ -76,9 +76,14 @@ This is as opposed to the more intuitive sending pattern. function becomeRichest() returns (bool) { if (msg.value > mostSent) { + // Check if call succeeds to prevent an attacker + // from trapping the previous person's funds in + // this contract through a callstack attack + if (!richest.send(msg.value)) { + throw; + } richest = msg.sender; mostSent = msg.value; - richest.send(msg.value); return true; } else { @@ -88,8 +93,12 @@ This is as opposed to the more intuitive sending pattern. } Notice that, in this example, an attacker could trap the -previous richest person's funds in the contract by causing -the execution of `send` to fail through a callstack attack. +contract into an unusable state by causing the ``richest`` +to be a contract that has a fallback function which consumes +more than the 2300 gas stipend. That way, whenever ``send`` +is called to deliver funds to the "poisoned" contract, it +will cause execution to always fail because there is not +enough gas to finish the execution of the fallback function. .. index:: access;restricting |
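Review bot: In the first hunk, `pending[richest] = msg.value;` assigns rather than accumulates, so it overwrites any amount already credited to the outgoing `richest` address. An address that is outbid, regains the top spot and is outbid again before withdrawing would lose its earlier credit, and that ether would stay stuck in the contract. Using `pending[richest] += msg.value;` keeps every credited amount withdrawable. Only part of `becomeRichest` is visible in the hunk and the withdraw function is outside it, so this assumes the payout reads and clears `pending[msg.sender]`.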