Solidity

潛在的重入漏洞:我應該如何重新安排這個函式來避免它?

  • June 3, 2018

我不知道為什麼“publishEtherBox”函式一直被警告有潛在的重入攻擊漏洞。合約程式碼不完整,但應該足夠理解。這是寫法不當造成的問題,還是其他問題?

contract {
...
 // Record stored for each published box; looked up by the derived box address in `etherBoxes`.
 struct EtherBox {
   bytes32 label;
   address owner;      // publishEtherBox stores msg.sender here
   string ownerUrl;    // publishEtherBox limits this to 200 bytes
   uint256 expiration; // publishEtherBox stores now + _lifespan here
 }

 mapping (address => bytes32) public nicknames;
 // Box addresses per publisher; publishEtherBox refuses to add more than 10 per sender.
 mapping (address => address[]) public ownerToEtherBoxes;
 mapping (address => EtherBox) public etherBoxes;
 // Per-sender counter hashed together with the sender to derive each box address.
 mapping (address => uint256) etherBoxesNonce;
...
 // Publishes a new EtherBox for msg.sender and forwards any attached ether to `owner`.
 // NOTE(review): `owner`, `onlyWhenRunning` and `EtherBoxPublished` are declared in the elided
 // part of the contract; `owner` is presumably the contract owner - confirm.
 function publishEtherBox (bytes32 _label, string _ownerUrl, uint _lifespan) external onlyWhenRunning() payable {
     require(ownerToEtherBoxes[msg.sender].length < 10);
     // NOTE(review): this checks caller-supplied input, which is what require() is for.
     // assert() is meant for internal invariants, and in the pre-0.8 compilers this syntax
     // targets a failing assert() consumes all remaining gas.
     assert(bytes(_ownerUrl).length <= 200);
     // Derive the box address from the sender and its nonce; the post-increment bumps the
     // stored nonce so the next call hashes a different value.
     address etherBoxAddress = address(keccak256(msg.sender, etherBoxesNonce[msg.sender]++));
     ownerToEtherBoxes[msg.sender].push(etherBoxAddress);
     etherBoxes[etherBoxAddress] = EtherBox({
       label: _label,
       owner: msg.sender,
       ownerUrl: _ownerUrl,
       // NOTE(review): no overflow check is visible; on compilers without checked arithmetic
       // a very large _lifespan wraps around and yields an expiration in the past.
       expiration: now + _lifespan
     });
     // External call placed before the event below: this ordering is what the reentrancy
     // warning points at. Every storage write in this function has already happened by here,
     // and transfer() forwards only the 2300-gas stipend and reverts on failure.
     if(msg.value > 0){
       owner.transfer(msg.value);
     }
     emit EtherBoxPublished(msg.sender, nicknames[msg.sender], etherBoxAddress, _label, now);
 }
...
}

這裡沒有真正的問題:所有狀態寫入都在.transfer()之前完成,而且.transfer()只轉發2300 gas。但是如果您想消除編譯器警告,可以把.transfer()呼叫放在函式的最後:

// Reordered per checks-effects-interactions: state writes and the event come first,
// and the external call is the last statement of the function.
function publishEtherBox(...) ... {
   ...
   emit EtherBoxPublished(msg.sender, nicknames[msg.sender], etherBoxAddress, _label, now);
   // Nothing runs after this call, so there is no later state for a re-entrant call to affect.
   if (msg.value > 0) {
       owner.transfer(msg.value);
   }
}

引用自:https://ethereum.stackexchange.com/questions/50333