solhint

reentrancy

Recommended Badge Category Badge Default Severity Badge warn

The {"extends": "solhint:recommended"} property in a configuration file enables this rule.

Description

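Detects possible reentrancy vulnerabilities. Avoid changing contract state after an ether transfer: the recipient can call back into the contract before the state is updated.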

Options

This rule accepts a string option for the rule severity. It must be one of "error", "warn", "off". Defaults to "warn".

Example Config

{
  "rules": {
    "reentrancy": "warn"
  }
}

Examples

👍 Examples of correct code for this rule

Invulnerable Contract 1


      pragma solidity 0.4.4;
        
        
      // Linter fixture: passes the reentrancy rule because the state write
      // happens before the ether transfer.
      contract A {
        
                mapping(address => uint) private shares;

                // Pays out the caller's recorded share.
                function b() external {
                    uint amount = shares[msg.sender];
                    // Effect first: the balance is zeroed before control leaves the
                    // contract, so a re-entrant call to b() reads 0.
                    shares[msg.sender] = 0;
                    // Interaction last: no state is written after this transfer.
                    msg.sender.transfer(amount);
                }
            
      }
    

Invulnerable Contract 2


      pragma solidity 0.4.4;
        
        
      // Linter fixture: not flagged, because the call that precedes the state
      // write is user.test(), not an ether transfer (transfer/send).
      contract A {
        
                mapping(address => uint) private shares;

                function b() external {
                    uint amount = shares[msg.sender];
                    // NOTE(review): `user` is not declared in this snippet. If it is an
                    // external contract, this call can hand control to other code before
                    // the balance below is cleared; a clean lint result here is not
                    // proof that the ordering is safe.
                    user.test(amount);
                    // State write after the call; the rule accepts it only because the
                    // call above is not a transfer.
                    shares[msg.sender] = 0;
                }
            
      }
    

Invulnerable Contract 3


      pragma solidity 0.4.4;
        
        
      // Linter fixture: not flagged, because `shares` is declared inside the
      // function rather than as a contract state variable.
      contract A {
        
        function b() public {
          
                // Local declaration; presumably why the rule does not count the
                // write below as a state change.
                // NOTE(review): in Solidity 0.4.x an uninitialized local array of
                // this form is a storage pointer, so this is a fixture for the rule,
                // not a pattern to copy. Confirm before reusing.
                uint[] shares;
                uint amount = shares[msg.sender];
                msg.sender.transfer(amount);
                // Write after the transfer, but to the local `shares` declared above.
                shares[msg.sender] = 0;
            
        }
    
      }
    

👎 Examples of incorrect code for this rule

Vulnerable Contract 1


      pragma solidity 0.4.4;
        
        
      // Linter fixture: flagged by the reentrancy rule. Intentionally unsafe
      // ordering; do not copy.
      contract A {
        
                mapping(address => uint) private shares;

                function b() external {
                    uint amount = shares[msg.sender];
                    // Interaction happens first: ether is sent while shares[msg.sender]
                    // still holds the old amount.
                    bool a = msg.sender.send(amount);
                    // State write after the transfer is what the rule reports. A safer
                    // ordering zeroes the balance before send() and restores it only if
                    // send() returns false.
                    if (a) { shares[msg.sender] = 0; }
                }
            
      }
    

Vulnerable Contract 2


      pragma solidity 0.4.4;
        
        
      // Linter fixture: flagged by the reentrancy rule. Intentionally unsafe
      // ordering; do not copy.
      contract A {
        
                mapping(address => uint) private shares;

                function b() external {
                    uint amount = shares[msg.sender];
                    // Interaction happens first: the transfer runs while the caller's
                    // balance is still recorded as `amount`.
                    msg.sender.transfer(amount);
                    // State write after the transfer is what the rule reports. Moving
                    // this line above the transfer gives the ordering shown in
                    // "Invulnerable Contract 1".
                    shares[msg.sender] = 0;
                }
            
      }
    

Version

This rule was introduced in Solhint 1.1.6

Resources