Possible reentrancy vulnerabilities. Avoid state changes after transfer SOLHINT-W1051
Security
Major
Possible reentrancy vulnerabilities. Avoid state changes after transfer.
Bad Practice
Vulnerable Contract 1
pragma solidity 0.4.4;
contract A {
mapping(address => uint) private shares;
function b() external { uint amount = shares[msg.sender]; bool a = msg.sender.send(amount); if (a) { shares[msg.sender] = 0; } }
}Vulnerable Contract 2
pragma solidity 0.4.4;
contract A {
mapping(address => uint) private shares;
function b() external { uint amount = shares[msg.sender]; msg.sender.transfer(amount); shares[msg.sender] = 0; }
}
Recommended
Invulnerable Contract 1
pragma solidity 0.4.4;
contract A {
mapping(address => uint) private shares;
function b() external { uint amount = shares[msg.sender]; shares[msg.sender] = 0; msg.sender.transfer(amount); }
}Invulnerable Contract 2
pragma solidity 0.4.4;
contract A {
mapping(address => uint) private shares;
function b() external { uint amount = shares[msg.sender]; user.test(amount); shares[msg.sender] = 0; }
}Invulnerable Contract 3
pragma solidity 0.4.4;
contract A {
function b() public {
uint[] shares; uint amount = shares[msg.sender]; msg.sender.transfer(amount); shares[msg.sender] = 0;
}
}
Learn more
reentrancy on Solhint's documentation.