Skip to content

Instantly share code, notes, and snippets.

@bartubozkurt

bartubozkurt/UnprotectedWithdraw.sol

Last active February 1, 2023 16:18
Show Gist options
  • Save bartubozkurt/b8dcb04c4bdcff55f23ad9475600de03 to your computer and use it in GitHub Desktop.
Save bartubozkurt/b8dcb04c4bdcff55f23ad9475600de03 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
UnprotectedWithdraw.sol
/* Bad */
contract SendEth{
mapping(address => uint256) public balanceOf;
function withdraw(address user, uint256 numTokens) public {
require(balanceOf[user] >= numTokens);
balanceOf[user] -= numTokens;
user.transfer(numTokens * 1 ether);
}
}
/* Better */
contract SendEth{
mapping(address => uint256) public balanceOf;
function withdraw(address user, uint256 numTokens) public {
require(user == msg.sender); // add**
require(balanceOf[user] >= numTokens);
balanceOf[user] -= numTokens;
user.transfer(numTokens * 1 ether);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment