If and when ERC223 gets accepted as a standard, I bet we see some fun token reentrancy bugs via this tokenFallback() feature.
Replying to @JaceHensley
ETH reentrancy happens because a vulnerable contract implements withdraw() as sending ETH before reducing the withdrawer's balance, making it possible for a malicious callback's fallback function to call withdraw again recursively. ERC223 adds a fallback function for tokens.
Replying to @backus @JaceHensley
So if someone out there has code like

    contract TokenVault {
        function withdraw(uint256 _amount) {
            require(_amount <= deposited[msg.sender]);
            token.transfer(msg.sender, _amount);
            deposited[msg.sender] -= _amount;
        }
    }

then AFAICT this is now vulnerable with ERC223.
1:50 PM - 28 Mar 2018
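The ordering issue discussed in this thread, modelled in Python as an added example (not code from the tweets): the same withdraw() run with the balance update after the transfer and then before it. `Token`, `ReentrantRecipient`, `run` and the `effects_first` flag are hypothetical names, the balances are constructed, and the `try/except` is a simplification standing in for a failed inner call.

```python
class Token:
    """Toy ERC223-style token: transfer() calls the recipient's token_fallback()."""
    def __init__(self):
        self.balances = {}

    def transfer(self, sender, to, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient token balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        if hasattr(to, "token_fallback"):      # recipient is a contract
            to.token_fallback(sender, amount)  # control leaves the caller here

class TokenVault:
    def __init__(self, token, effects_first):
        self.token, self.effects_first = token, effects_first
        self.deposited = {}

    def withdraw(self, caller, amount):
        if amount > self.deposited.get(caller, 0):
            raise ValueError("require failed")
        if self.effects_first:
            # Hardened order: update the ledger, then make the external call.
            self.deposited[caller] -= amount
            self.token.transfer(self, caller, amount)
        else:
            # Order from the thread: external call first, ledger update after.
            self.token.transfer(self, caller, amount)
            self.deposited[caller] -= amount

class ReentrantRecipient:
    """Recipient whose token_fallback() calls withdraw() again (constructed)."""
    vault = None

    def token_fallback(self, sender, amount):
        if sender is self.vault:
            try:
                self.vault.withdraw(self, amount)
            except ValueError:
                pass  # inner call failed; outer calls unwind normally

def run(effects_first):
    token = Token()
    vault = TokenVault(token, effects_first)
    recipient = ReentrantRecipient()
    recipient.vault = vault
    token.balances[vault] = 100        # constructed: vault holds 100 tokens
    vault.deposited[recipient] = 10    # constructed: recipient is owed only 10
    vault.withdraw(recipient, 10)
    return token.balances[recipient], token.balances[vault]
```

With the update after the transfer, the require() check keeps seeing the stale balance of 10 on every nested call; with the update first, the second call fails the check.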