diff options
| author | Alex Beregszaszi <alex@rtfs.hu> | 2017-11-22 12:59:28 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-22 12:59:28 +0800 |
| commit | be34b574bf386faf414001c7cb11063c6fe7b6f6 (patch) | |
| tree | 25f310690066730ba0da1ee2f63318b520f7d06f /docs/security-considerations.rst | |
| parent | b7fb1bc0a6e7311bf09118c228ba8d93dc944328 (diff) | |
| parent | 744dea60a40e7e5cb25814c3f6f6eb01dc767698 (diff) | |
| download | dexon-solidity-be34b574bf386faf414001c7cb11063c6fe7b6f6.tar.gz dexon-solidity-be34b574bf386faf414001c7cb11063c6fe7b6f6.tar.zst dexon-solidity-be34b574bf386faf414001c7cb11063c6fe7b6f6.zip | |
Merge pull request #3152 from ethereum/docs-tests
Ensure each code snippet in the docs can be extracted for tests
Diffstat (limited to 'docs/security-considerations.rst')
| -rw-r--r-- | docs/security-considerations.rst | 50 |
1 files changed, 26 insertions, 24 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst index 6586cb5f..337a3d3f 100644 --- a/docs/security-considerations.rst +++ b/docs/security-considerations.rst @@ -55,18 +55,18 @@ complete contract): :: - pragma solidity ^0.4.0; - - // THIS CONTRACT CONTAINS A BUG - DO NOT USE - contract Fund { - /// Mapping of ether shares of the contract. - mapping(address => uint) shares; - /// Withdraw your share. - function withdraw() { - if (msg.sender.send(shares[msg.sender])) - shares[msg.sender] = 0; - } - } + pragma solidity ^0.4.0; + + // THIS CONTRACT CONTAINS A BUG - DO NOT USE + contract Fund { + /// Mapping of ether shares of the contract. + mapping(address => uint) shares; + /// Withdraw your share. + function withdraw() { + if (msg.sender.send(shares[msg.sender])) + shares[msg.sender] = 0; + } + } The problem is not too serious here because of the limited gas as part of ``send``, but it still exposes a weakness: Ether transfer always @@ -79,18 +79,18 @@ outlined further below: :: - pragma solidity ^0.4.11; + pragma solidity ^0.4.11; - contract Fund { - /// Mapping of ether shares of the contract. - mapping(address => uint) shares; - /// Withdraw your share. - function withdraw() { - var share = shares[msg.sender]; - shares[msg.sender] = 0; - msg.sender.transfer(share); - } - } + contract Fund { + /// Mapping of ether shares of the contract. + mapping(address => uint) shares; + /// Withdraw your share. + function withdraw() { + var share = shares[msg.sender]; + shares[msg.sender] = 0; + msg.sender.transfer(share); + } + } Note that re-entrancy is not only an effect of Ether transfer but of any function call on another contract. Furthermore, you also have to take @@ -179,7 +179,9 @@ Never use tx.origin for authorization. Let's say you have a wallet contract like } } -Now someone tricks you into sending ether to the address of this attack wallet:: +Now someone tricks you into sending ether to the address of this attack wallet: + +:: pragma solidity ^0.4.11; |