Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Securify report] Transactions May Affect Ether Amount #1

Open
s-tikhomirov opened this issue Jul 10, 2017 · 0 comments
Open

[Securify report] Transactions May Affect Ether Amount #1

s-tikhomirov opened this issue Jul 10, 2017 · 0 comments
Assignees
@s-tikhomirov
Labels
security

Comments

@s-tikhomirov
Copy link
Owner

The amount transferred on withdrawal can (maybe) be influenced by reordering transactions.

At line 95 (if (!msg.sender.send(amount)) {):

A contract is exposed to this vulnerability if a miner (who executes and validates transactions) can reorder the transactions within a block in a way that affects the amount of ether transfered to the receiver.
The Safe Example contract on the left is not vulnerable to this vulnerability as the amount of ether transfered is price, which is a constant that cannot be modified by previously executed transactions. In contrast, the amount of ether transfered by the contract Unsafe Example can be modified via calls to method setPrice.
Note that these examples are only for illustration purposes. For value transfer, the solidity function transfer() should be used.

http://securify.ch/
@s-tikhomirov s-tikhomirov self-assigned this Jul 10, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@s-tikhomirov s-tikhomirov

Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@s-tikhomirov