Correct that ether transfers _can_ always include code execution in re-entrancy example

Alex Beregszaszi 2017-12-12 03:31:30 +00:00
parent 2f6f81640b
commit 37b06884b2

@ -69,8 +69,8 @@ complete contract):
} }
The problem is not too serious here because of the limited gas as part The problem is not too serious here because of the limited gas as part
of ``send``, but it still exposes a weakness: Ether transfer always of ``send``, but it still exposes a weakness: Ether transfer can always
includes code execution, so the recipient could be a contract that calls include code execution, so the recipient could be a contract that calls
back into ``withdraw``. This would let it get multiple refunds and back into ``withdraw``. This would let it get multiple refunds and
basically retrieve all the Ether in the contract. In particular, the basically retrieve all the Ether in the contract. In particular, the
following contract will allow an attacker to refund multiple times following contract will allow an attacker to refund multiple times
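Review bot: In the changed sentence, "Ether transfer can always include code execution" is still ambiguous, because "can always" reads either as "execution is always possible" or as "execution always happens". The rest of the sentence already makes the condition explicit ("the recipient could be a contract that calls back into ``withdraw``"), so consider tying the claim to that condition, for example "Ether transfer can include code execution when the recipient is a contract". Separately, the unchanged opening says the problem is "not too serious here" because of the limited gas of ``send``, while the following lines say an attacker could "retrieve all the Ether in the contract"; a short clause stating which of the two cases the gas limit covers would keep readers from underestimating the re-entrancy risk.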