Created
February 2, 2023 11:36
/* Bad: the payout check in this version reads the contract's raw ether balance */
// Balance at which claimReward() allows the payout.
uint256 private constant targetEther = 1000 ether;
// Entry point for one play: the call must carry exactly 5 ether.
function join() public payable {
    uint256 stake = msg.value;
    require(stake == 5 ether); // each play is 5 ether
    // The visible code keeps no running total of accepted stakes;
    // claimReward() reads this.balance instead.
    ...doSomething;
}
// Pays targetEther to _to once the contract balance equals targetEther exactly.
// Weak point: the strict equality is evaluated on this.balance, which can change
// without join() running (e.g. ether delivered by selfdestruct). Once the balance
// is off the 5-ether grid the check cannot pass again and the funds stay locked.
function claimReward(address _to) public {
    uint256 held = this.balance;
    require(held == targetEther);
    _to.transfer(targetEther);
}
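/* Vulnerable
1. Ether can be sent to the contract by selfdestruct, without going through join()
2. After that, the value of this.balance will never be a multiple of 5 ether again,
   so the equality check in claimReward() can never pass
*/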
/* Better: deposits are tracked in a state variable instead of reading the balance */
// Total that join() must collect before claimReward() allows the payout.
uint256 private constant targetEther = 1000 ether;
// Sum of stakes accepted by join(); ether that reaches the contract by any
// other route does not change it.
uint256 private treasury;
// Entry point for one play: the call must carry exactly 5 ether, which is then
// added to the internal ledger.
function join() public payable {
    uint256 stake = msg.value;
    require(stake == 5 ether); // each play is 5 ether
    treasury += 5 ether; // count only ether that arrived through this function
    // NOTE(review): nothing visible stops join() once treasury has reached
    // targetEther; presumably the elided logic handles that — confirm.
    ...doSomething;
}
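// Pays targetEther to _to once the stakes recorded by join() add up to exactly
// targetEther. The guard reads the internal ledger, so ether forced into the
// contract (e.g. by selfdestruct) cannot make the check unsatisfiable.
// NOTE(review): the function is public and _to is chosen by the caller; no access
// control is visible here — confirm it is enforced elsewhere.
function claimReward(address _to) public {
    require(treasury == targetEther); // don't use this.balance
    // Clear the ledger before sending: otherwise treasury still equals targetEther
    // after the payout, the guard stays satisfied for further calls, and the
    // recorded total no longer matches the funds actually held.
    treasury = 0;
    _to.transfer(targetEther);
}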