If and when ERC223 gets accepted as a standard, I bet we see some fun token reentrancy bugs via this tokenFallback() feature.
ETH reentrancy happens because a vulnerable contract implements withdraw() as sending ETH before reducing the withdrawer's balance, making it possible for a malicious callback's fallback function to call withdraw again recursively. ERC223 adds a fallback function for tokens 
So if someone out there has code like

contract TokenVault {
    function withdraw(uint256 _amount) {
        require(_amount <= deposited[msg.sender]);
        token.transfer(msg.sender, _amount);
        deposited[msg.sender] -= _amount;
    }
}

then AFAICT this is now vulnerable with ERC223.
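The ordering problem described in the thread, modelled in Python as an added example (not code from the thread's author or from any ERC223 implementation). Token, ReenteringRecipient, run and the effects_first switch are hypothetical names; catching the failed nested call stands in for a nested call that fails without undoing the outer one, and all balances are constructed.

```python
class Token:
    """Minimal ERC223-style ledger: transfer() notifies the recipient."""
    def __init__(self):
        self.balances = {}

    def transfer(self, sender, to, amount):
        assert self.balances.get(sender, 0) >= amount, "insufficient balance"
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        hook = getattr(to, "token_fallback", None)  # models tokenFallback()
        if hook:
            hook(sender, amount)

class TokenVault:
    def __init__(self, token, effects_first):
        self.token, self.effects_first, self.deposited = token, effects_first, {}

    def deposit(self, who, amount):
        self.token.balances[self] = self.token.balances.get(self, 0) + amount
        self.deposited[who] = self.deposited.get(who, 0) + amount

    def withdraw(self, caller, amount):
        if amount > self.deposited.get(caller, 0):
            raise ValueError("amount exceeds deposit")
        if self.effects_first:   # hardened: update the ledger, then call out
            self.deposited[caller] -= amount
            self.token.transfer(self, caller, amount)
        else:                    # ordering from the thread's snippet
            self.token.transfer(self, caller, amount)
            self.deposited[caller] -= amount

class ReenteringRecipient:
    """Recipient whose token_fallback calls withdraw() again, once."""
    vault, reentered = None, False
    def token_fallback(self, sender, amount):
        if not self.reentered:
            self.reentered = True
            try:
                self.vault.withdraw(self, amount)
            except ValueError:
                pass             # nested call rejected by the deposit check

def run(effects_first):
    """Return (recipient tokens, vault tokens) after one withdraw of 10."""
    token, other, r = Token(), object(), ReenteringRecipient()
    vault = r.vault = TokenVault(token, effects_first)
    vault.deposit(other, 10)     # constructed: another depositor's funds
    vault.deposit(r, 10)
    vault.withdraw(r, 10)
    return token.balances[r], token.balances[vault]
```

With the snippet's ordering, the nested call passes the deposit check because deposited has not yet been reduced; with the ledger update first, the same nested call is rejected.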