Correct that ether transfers _can_ always include code execution in re-entrancy example
axic committed Dec 12, 2017
1 parent 2f6f816 commit 37b0688
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/security-considerations.rst
Expand Up @@ -69,8 +69,8 @@ complete contract):
}

The problem is not too serious here because of the limited gas as part
of ``send``, but it still exposes a weakness: Ether transfer always
includes code execution, so the recipient could be a contract that calls
of ``send``, but it still exposes a weakness: Ether transfer can always
include code execution, so the recipient could be a contract that calls
back into ``withdraw``. This would let it get multiple refunds and
basically retrieve all the Ether in the contract. In particular, the
following contract will allow an attacker to refund multiple times
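Review bot: In the reworded sentence, "Ether transfer can always include code execution" is still ambiguous, because "can always" may be read as "always does", which is the reading this change sets out to correct. Suggest stating the condition the rest of the sentence depends on, for example "an Ether transfer can include code execution whenever the recipient is a contract", so that "so the recipient could be a contract that calls back into ``withdraw``" follows as a consequence rather than introducing the condition after the claim.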