mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Merge pull request #13457 from ethereum/checks
Explained Checks-Effects-Interactions
commit
b2afe9f9dc
@ -98,7 +98,7 @@ as it uses ``call`` which forwards all remaining gas by default:
|
|||||||
}
|
}
|
||||||
|
|
||||||
To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as
|
To avoid re-entrancy, you can use the Checks-Effects-Interactions pattern as
|
||||||
outlined further below:
|
demonstrated below:
|
||||||
|
|
||||||
.. code-block:: solidity
|
.. code-block:: solidity
|
||||||
|
|
||||||
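Review bot: The reworded lead-in "you can use the Checks-Effects-Interactions pattern as demonstrated below:" still names the pattern without saying what it is, and the definition only arrives after the code block in the next hunk. Consider adding a short clause here that gives the order (checks first, then state changes, then external calls), or moving the new explanatory paragraph ahead of the example so readers know what to look for in the code.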
@ -116,6 +116,13 @@ outlined further below:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
The Checks-Effects-Interactions pattern ensures that all code paths through a contract complete all required checks
|
||||||
|
of the supplied parameters before modifying the contract's state (Checks); only then it makes any changes to the state (Effects);
|
||||||
|
it may make calls to functions in other contracts *after* all planned state changes have been written to
|
||||||
|
storage (Interactions). This is a common foolproof way to prevent *re-entrancy attacks*, where an externally called
|
||||||
|
malicious contract is able to double-spend an allowance, double-withdraw a balance, among other things, by using logic that calls back into the
|
||||||
|
original contract before it has finalized its transaction.
|
||||||
|
|
||||||
Note that re-entrancy is not only an effect of Ether transfer but of any
|
Note that re-entrancy is not only an effect of Ether transfer but of any
|
||||||
function call on another contract. Furthermore, you also have to take
|
function call on another contract. Furthermore, you also have to take
|
||||||
multi-contract situations into account. A called contract could modify the
|
multi-contract situations into account. A called contract could modify the
|
||||||
|
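Review bot: "This is a common foolproof way to prevent *re-entrancy attacks*" in the added paragraph overstates the guarantee, and it sits directly above the unchanged note that re-entrancy is an effect of any function call on another contract and that multi-contract situations must also be taken into account. Suggest dropping "foolproof", for example "This is a common way to prevent *re-entrancy attacks*". Likewise "ensures that all code paths" reads as if the pattern were enforced, while it is a convention the author has to follow, so "means that" or "requires that" would be more accurate. Two smaller points: "only then it makes any changes to the state" should read "only then does it make any changes to the state", and the added lines are much longer than the wrapped lines of the surrounding paragraphs, so they should be rewrapped to match the file.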