Ethereum: avoid using Solidity's transfer()/send()?


I came across an article from 2019/9 about avoiding the use of Solidity's transfer()/send(). Here is the article's reasoning:

It looks like EIP 1884 is headed our way in the Istanbul hard fork. This change increases the gas cost of the SLOAD operation and therefore breaks some existing smart contracts.

Those contracts will break because their fallback functions used to consume less than 2300 gas, and they’ll now consume more. Why is 2300 gas significant? It’s the amount of gas a contract’s fallback function receives if it’s called via Solidity’s transfer() or send() methods.

Since its introduction, transfer() has typically been recommended by the security community because it helps guard against reentrancy attacks. This guidance made sense under the assumption that gas costs wouldn’t change, but that assumption turned out to be incorrect. We now recommend that transfer() and send() be avoided.

In Remix, there is a warning message about the following code:

  (bool success, ) = recipient.call{value:_amount, gas: _gas}("");

The warning:

Low level calls: Use of "call": should be avoided whenever possible. It can lead to unexpected behavior if return value is not handled properly. Please use Direct Calls via specifying the called contract's interface.

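I am not an expert on the gas cost of executing smart contracts or on security, so I am posting this in the hope that people will share their thoughts on it.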

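First, it is good to understand the fallback function in Solidity: it has no name, no arguments and no return value, and only one can be defined per contract. Its most important feature is that it is called when a non-existent function is called on the contract, for example by send, transfer or call.value()(""). So if you want to send Ether directly to a contract's address, the fallback function of the destination contract will be called. If the contract's fallback function is not marked payable, it will throw an exception if the contract receives plain Ether without data.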

Now let's look at the reentrancy attack:

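  // Compiler version is an assumption: call.value() together with
  // fallback() only compiles on Solidity 0.6.x.
  pragma solidity ^0.6.0;

  contract VulnerableContract {
      // Ether credited to each depositor
      mapping(address => uint) public balances;

      function deposit() public payable {
          require(msg.value > 1);
          balances[msg.sender] += msg.value;
      }

      function withdraw(uint _amount) public {
          require(balances[msg.sender] >= _amount, "Insufficient balance!");
          // External call to the caller; forwards all remaining gas
          msg.sender.call.value(_amount)("");
          // State is updated only after the external call returns
          balances[msg.sender] -= _amount;
      }

      function getBalance() view public returns (uint) {
          return address(this).balance;
      }

      fallback() payable external {}
  }
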
So what is the problem?
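
For comparison with the withdrawal function above, the following added example (not part of the original post or of the quoted article) reorders it so the balance is updated before the external call, checks the return value that the Remix warning refers to, and adds a reentrancy lock so safety no longer depends on the 2300 gas stipend. It assumes Solidity ^0.8.0; the contract name SaferVault, the locked flag and the nonReentrant modifier are hypothetical names chosen for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hardened counterpart of the vulnerable contract.
// SaferVault, locked and nonReentrant are hypothetical names.
contract SaferVault {
    mapping(address => uint256) public balances;
    bool private locked; // true while a guarded function is executing

    // Rejects any nested call into a guarded function
    modifier nonReentrant() {
        require(!locked, "Reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() public payable {
        require(msg.value > 1);
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 _amount) public nonReentrant {
        // Checks
        require(balances[msg.sender] >= _amount, "Insufficient balance!");
        // Effects: the balance is reduced before any external call,
        // so a re-entered withdraw() sees the updated value
        balances[msg.sender] -= _amount;
        // Interaction: call forwards all remaining gas, so recipients whose
        // fallback needs more than 2300 gas still work
        (bool success, ) = msg.sender.call{value: _amount}("");
        // Handle the return value; a failed send reverts the whole withdrawal
        require(success, "Transfer failed");
    }

    function getBalance() public view returns (uint256) {
        return address(this).balance;
    }

    // Accept plain Ether sent without calldata
    receive() external payable {}
}
```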