Solidity.

Serpent0x.
May 31, 2024

Reentrancy Vulnerability

Hello everyone, I've noticed that the offer function uses the .call{value: amount}("") method to send Ether to the recipient's address.

Could anyone provide insight into whether this function is indeed vulnerable to reentrancy and suggest any best practices or modifications to mitigate such risks?

```solidity
// The posted fragment, wrapped in a minimal contract so it compiles.
// The state variable and the error declaration are inferred from how
// the fragment uses them; parameter names of the error are assumptions.
contract Offer {
    uint256 public balance;
    error TransferFailed(address token, address from, address to, uint256 amount);

    function _offer(address to, uint256 amount) internal {
        balance -= amount;                          // effect before interaction

        (bool success, ) = to.call{value: amount}(""); // external call
        if (!success) {
            revert TransferFailed(address(0), address(this), to, amount);
        }
    }
}
```
  • Smart Contract
  • Solidity
  • Solidity Compiler

Answers

0x0304...a958.
Aug 11 2024, 15:15

One of the best practices in Solidity is CEI (Checks, Effects, Interactions). It describes the order in which your code is structured to avoid unexpected behaviour or malicious execution.

Checks would be implementing some require to be sure the parameters in your function are correct. There isn't any in your _offer() function, but you could add, for example, require(balance >= amount); (not necessary) at the beginning of your function to be sure that the user doesn't spend more than what he owns.

Effects are basically changing the state variables of your contract in order to suit what you want it to be now. Here, it's the line balance -= amount;, reducing the user's balance.

Interactions are calls to other contracts/addresses that might trigger some unknown code (for example, when you call to send money, it might trigger a receive() function of the smart contract calling your function).

Because you follow this rule in this code, no re-entrancy should be possible.

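As an added illustration of the CEI point made in this answer (example code, not the poster's contract or the answerer's), the same withdrawal written with the effect after the interaction and then in CEI order, with a reentrancy guard as a second line of defence. The Vault name, the per-address balances mapping and the nonReentrant modifier are assumptions not taken from the thread.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; Vault, balances and nonReentrant are assumptions.
contract Vault {
    mapping(address => uint256) public balances;
    error TransferFailed(address to, uint256 amount);

    // Minimal reentrancy guard: only one guarded call may be in flight.
    uint256 private _locked = 1;
    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Interaction BEFORE Effect: the external call runs while
    // balances[msg.sender] is still unchanged, so code executed by the
    // recipient that calls back into withdrawUnsafe() passes the check again.
    function withdrawUnsafe(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient");   // Check
        (bool ok, ) = msg.sender.call{value: amount}("");           // Interaction
        if (!ok) revert TransferFailed(msg.sender, amount);
        balances[msg.sender] -= amount;                             // Effect (too late)
    }

    // CEI order, as in the question's _offer(): the balance is reduced before
    // the call, so a re-entered call fails the check (and with 0.8 checked
    // arithmetic the subtraction itself would revert on underflow).
    // nonReentrant is independent defence in depth on top of the ordering.
    function withdraw(uint256 amount) external nonReentrant {
        require(balances[msg.sender] >= amount, "insufficient");   // Check
        balances[msg.sender] -= amount;                             // Effect
        (bool ok, ) = msg.sender.call{value: amount}("");           // Interaction
        if (!ok) revert TransferFailed(msg.sender, amount);
    }
}
```

The posted _offer() already matches the withdraw() ordering; the guard is only needed where several functions share state and one of them must make an external call before all effects are finished.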
