Last active
December 6, 2018 08:46
-
-
Save tomw1808/3e4075cbc517ea16bf01474ddce91286 to your computer and use it in GitHub Desktop.
This is an example of the difference between "address.send()", "address.call.value()()" and "address.transfer()" in Solidity. If you like this example, then checkout my courses I do on Udemy (https://vomtom.at/tag/course/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.13; | |
| contract someContract { | |
| mapping(address => uint) balances; | |
| function deposit() payable { | |
| balances[msg.sender] += msg.value; | |
| } | |
| function withdrawVeryBad1(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| msg.sender.send(amount); | |
| balances[msg.sender] -= amount; | |
| } | |
| } | |
| function withdrawVeryVeryBad2(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| msg.sender.call.gas(2500000).value(amount)(); | |
| balances[msg.sender] -= amount; | |
| } | |
| } | |
| function withdrawVeryVeryBad3(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| if(msg.sender.call.gas(2500000).value(amount)()) { | |
| balances[msg.sender] -= amount; | |
| } | |
| } | |
| } | |
| function withdrawBad1(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| if(msg.sender.send(amount)) { | |
| balances[msg.sender] -= amount; | |
| } | |
| } | |
| } | |
| function withdrawOkayish(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| balances[msg.sender] -= amount; | |
| if(!msg.sender.send(amount)) { | |
| throw; | |
| } | |
| } | |
| } | |
| function withdrawBad2(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| balances[msg.sender] -= amount; | |
| if(!msg.sender.call.gas(2500000).value(amount)()) { | |
| throw; | |
| } | |
| } | |
| } | |
| //OKAY FUNCTIONS | |
| function withdrawOK(uint amount) { | |
| if(balances[msg.sender] >= amount) { | |
| balances[msg.sender] -= amount; | |
| msg.sender.transfer(amount); | |
| } | |
| } | |
| //New Exception handling | |
| function withdrawGood(uint amount) { | |
| require(balances[msg.sender] >= amount); | |
| balances[msg.sender] -= amount; | |
| msg.sender.transfer(amount); | |
| } | |
| } |
@yyssjj33 I dont think address.call.value()() is a safe against re-entry attack. The other 2 have a gas limit but not call.value(). Unless you specify gas limit using gas().
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
always call
address.send(),address.call.value()()andaddress.transfer()at the very end of the function, or you will experience re-entry attack