aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEvgeny Medvedev <evgeny@kitchenup.com>2017-11-14 03:49:40 +0800
committerAlex Beregszaszi <alex@rtfs.hu>2017-12-12 11:31:00 +0800
commit2f6f81640bca9fb358db12b088ff82f9b4f132bd (patch)
tree78675ce8325c3d87255da05e8fa8e018c6597dae
parent539b8f3b45183ea28219ab31bea73ea033616006 (diff)
downloaddexon-solidity-2f6f81640bca9fb358db12b088ff82f9b4f132bd.tar.gz
dexon-solidity-2f6f81640bca9fb358db12b088ff82f9b4f132bd.tar.zst
dexon-solidity-2f6f81640bca9fb358db12b088ff82f9b4f132bd.zip
Add another contract with call to demonstrate re-entrancy vulnerability.
Add another contract with call to demonstrate re-entrancy vulnerability as send explicitly sets gas to 2300 by default according to this commit 9ca7472 which makes it impossible to "get multiple refunds" because a non-zero CALL costs at least 9700 gas. This issue is discussed on Ethereum StackExchange https://ethereum.stackexchange.com/questions/30371/send-ether-reentrancy-attack-in-reality-how-could-fallback-function-make-a-mes/30616#30616
-rw-r--r--docs/security-considerations.rst19
1 files changed, 18 insertions, 1 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst
index 337a3d3f..197e80e5 100644
--- a/docs/security-considerations.rst
+++ b/docs/security-considerations.rst
@@ -72,7 +72,24 @@ The problem is not too serious here because of the limited gas as part
of ``send``, but it still exposes a weakness: Ether transfer always
includes code execution, so the recipient could be a contract that calls
back into ``withdraw``. This would let it get multiple refunds and
-basically retrieve all the Ether in the contract.
+basically retrieve all the Ether in the contract. In particular, the
+following contract will allow an attacker to refund multiple times
+as it uses ``call`` which forwards all remaining gas by default:
+
+::
+
+ pragma solidity ^0.4.0;
+
+ // THIS CONTRACT CONTAINS A BUG - DO NOT USE
+ contract Fund {
+ /// Mapping of ether shares of the contract.
+ mapping(address => uint) shares;
+ /// Withdraw your share.
+ function withdraw() {
+ if (msg.sender.call.value(shares[msg.sender])())
+ shares[msg.sender] = 0;
+ }
+ }
To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as
outlined further below: