cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #13457 from ethereum/checks

Browse Source 
Explained Checks-Effects-Interactions
This commit is contained in:
Mathias L. Baumann 2022-08-30 15:20:53 +02:00 committed by GitHub
commit b2afe9f9dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/security-considerations.rst
View File

@ -98,7 +98,7 @@ as it uses ``call`` which forwards all remaining gas by default:
}
To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as
outlined further below:
demonstrated below:
.. code-block:: solidity
@ -116,6 +116,13 @@ outlined further below:
}
}
The Checks-Effects-Interactions pattern ensures that all code paths through a contract complete all required checks
of the supplied parameters before modifying the contract's state (Checks); only then it makes any changes to the state (Effects);
it may make calls to functions in other contracts *after* all planned state changes have been written to
storage (Interactions). This is a common foolproof way to prevent *re-entrancy attacks*, where an externally called
malicious contract is able to double-spend an allowance, double-withdraw a balance, among other things, by using logic that calls back into the
original contract before it has finalized its transaction.
Note that re-entrancy is not only an effect of Ether transfer but of any
function call on another contract. Furthermore, you also have to take
multi-contract situations into account. A called contract could modify the