Removes reference to stack depth attack

Changed the old stack depth attack reference to a generic execution of an untrusted contract to keep the suggestion of the withdrawal pattern.
This commit is contained in:
Adrián Calvo 2017-08-04 14:08:37 +02:00 committed by GitHub
parent bd9e91085b
commit 8d832c7cd3

View File

@ -277,9 +277,9 @@ activate themselves.
if (highestBidder != 0) {
// Sending back the money by simply using
// highestBidder.send(highestBid) is a security risk
// because it can be prevented by the caller by e.g.
// raising the call stack to 1023. It is always safer
// to let the recipients withdraw their money themselves.
// because it could execute an untrusted contract.
// It is always safer to let the recipients
// withdraw their money themselves.
pendingReturns[highestBidder] += highestBid;
}
highestBidder = msg.sender;