aboutsummaryrefslogtreecommitdiffstats
path: root/docs/solidity-by-example.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/solidity-by-example.rst')
-rw-r--r--docs/solidity-by-example.rst78
1 files changed, 58 insertions, 20 deletions
diff --git a/docs/solidity-by-example.rst b/docs/solidity-by-example.rst
index 52ce9849..5c1810c1 100644
--- a/docs/solidity-by-example.rst
+++ b/docs/solidity-by-example.rst
@@ -34,8 +34,6 @@ At the end of the voting time, ``winningProposal()``
will return the proposal with the largest number
of votes.
-.. Gist: 618560d3f740204d46a5
-
::
/// @title Voting with delegation.
@@ -108,9 +106,15 @@ of votes.
// Forward the delegation as long as
// `to` also delegated.
+ // In general, such loops are very dangerous,
+ // because if they run too long, they might
+ // need more gas that is available in a block.
+ // In this case, the delegation will not be executed,
+ // but in other situations, such loops might
+ // cause a contract to get "stuck" completely.
while (voters[to].delegate != address(0) &&
- voters[to].delegate != msg.sender) {
- to = voters[to].delegate;
+ voters[to].delegate != msg.sender) {
+ to = voters[to].delegate;
}
// We found a loop in the delegation, not allowed.
@@ -199,8 +203,6 @@ contract has to be called manually for the
beneficiary to receive his money - contracts cannot
activate themselves.
-.. {% include open_link gist="48cd2b65ff83bd04f7af" %}
-
::
contract SimpleAuction {
@@ -215,6 +217,9 @@ activate themselves.
address public highestBidder;
uint public highestBid;
+ // Allowed withdrawals of previous bids
+ mapping(address => uint) pendingReturns;
+
// Set to true at the end, disallows any change
bool ended;
@@ -258,13 +263,29 @@ activate themselves.
throw;
}
if (highestBidder != 0) {
- highestBidder.send(highestBid);
+ // Sending back the money by simply using
+ // highestBidder.send(highestBid) is a security risk
+ // because it can be prevented by the caller by e.g.
+ // raising the call stack to 1023. It is always safer
+ // to let the recipient withdraw their money themselves.
+ pendingReturns[highestBidder] += highestBid;
}
highestBidder = msg.sender;
highestBid = msg.value;
HighestBidIncreased(msg.sender, msg.value);
}
+ /// Withdraw a bid that was overbid.
+ function withdraw() {
+ var amount = pendingReturns[msg.sender];
+ // It is important to set this to zero because the recipient
+ // can call this function again as part of the receiving call
+ // before `send` returns.
+ pendingReturns[msg.sender] = 0;
+ if (!msg.sender.send(amount))
+ throw; // If anything fails, this will revert the changes above
+ }
+
/// End the auction and send the highest bid
/// to the beneficiary.
function auctionEnd() {
@@ -274,9 +295,8 @@ activate themselves.
throw; // this function has already been called
AuctionEnded(highestBidder, highestBid);
- // We send all the money we have, because some
- // of the refunds might have failed.
- beneficiary.send(this.balance);
+ if (!beneficiary.send(highestBid))
+ throw;
ended = true;
}
@@ -328,8 +348,6 @@ Bidders can confuse competition by placing several
high or low invalid bids.
-.. {% include open_link gist="70528429c2cd867dd1d6" %}
-
::
contract BlindAuction {
@@ -349,6 +367,9 @@ high or low invalid bids.
address public highestBidder;
uint public highestBid;
+ // Allowed withdrawals of previous bids
+ mapping(address => uint) pendingReturns;
+
event AuctionEnded(address winner, uint highestBid);
/// Modifiers are a convenient way to validate inputs to
@@ -426,7 +447,8 @@ high or low invalid bids.
// the same deposit.
bid.blindedBid = 0;
}
- msg.sender.send(refund);
+ if (!msg.sender.send(refund))
+ throw;
}
// This is an "internal" function which means that it
@@ -440,13 +462,24 @@ high or low invalid bids.
}
if (highestBidder != 0) {
// Refund the previously highest bidder.
- highestBidder.send(highestBid);
+ pendingReturns[highestBidder] += highestBid;
}
highestBid = value;
highestBidder = bidder;
return true;
}
+ /// Withdraw a bid that was overbid.
+ function withdraw() {
+ var amount = pendingReturns[msg.sender];
+ // It is important to set this to zero because the recipient
+ // can call this function again as part of the receiving call
+ // before `send` returns.
+ pendingReturns[msg.sender] = 0;
+ if (!msg.sender.send(amount))
+ throw; // If anything fails, this will revert the changes above
+ }
+
/// End the auction and send the highest bid
/// to the beneficiary.
function auctionEnd()
@@ -457,7 +490,8 @@ high or low invalid bids.
AuctionEnded(highestBidder, highestBid);
// We send all the money we have, because some
// of the refunds might have failed.
- beneficiary.send(this.balance);
+ if (!beneficiary.send(this.balance))
+ throw;
ended = true;
}
@@ -472,8 +506,6 @@ high or low invalid bids.
Safe Remote Purchase
********************
-.. {% include open_link gist="b16e8e76a423b7671e99" %}
-
::
contract Purchase {
@@ -521,8 +553,9 @@ Safe Remote Purchase
inState(State.Created)
{
aborted();
- seller.send(this.balance);
state = State.Inactive;
+ if (!seller.send(this.balance))
+ throw;
}
/// Confirm the purchase as buyer.
@@ -545,9 +578,14 @@ Safe Remote Purchase
inState(State.Locked)
{
itemReceived();
- buyer.send(value); // We ignore the return value on purpose
- seller.send(this.balance);
+ // It is important to change the state first because
+ // otherwise, the contracts called using `send` below
+ // can call in again here.
state = State.Inactive;
+ // This actually allows both the buyer and the seller to
+ // block the refund.
+ if (!buyer.send(value) || !seller.send(this.balance))
+ throw;
}
function() {