Git-Mirrors/mev-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/mev-toolkit.git synced 2025-05-02 06:46:13 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update security.md

Browse source
This commit is contained in:
bt3gl 2022-03-10 18:56:23 +00:00 committed by GitHub
parent 1a2bdcca46
commit 2ad3f8a5a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
solidity/security.md
View file

@ -2,13 +2,13 @@
* `tx.origin` is used: you want to replace it by “msg.sender” because otherwise any contract you call can act on your behalf.
* potential reetrancy bugs:
* Avoid potential reetrancy bugs:
```
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
```
* inline assembly used: should be used only in rare cases
* unclear semantics: `now` is alias for `block.timestamp` not current time; use of low level `call`, `callcode`, `delegatecall` should be avoided whenever possible; use `transfer` whenever failure of ether transfer should rollnack the whole transaction.
* Inline assembly should be used only in rare cases.
* Unclear semantics: `now` is alias for `block.timestamp` not current time; use of low level `call`, `callcode`, `delegatecall` should be avoided whenever possible; use `transfer` whenever failure of ether transfer should rollnack the whole transaction.
* Beware of caller contracts: `selfdestruct` can block calling contracts unexpectedly.
* Invocation of local functions via `this`: never use `this` to call functions in the same contract, it only consumes more gas than normal call.
* Transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.