Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Substraction should come before the addition #6

Closed
pauliax opened this issue Oct 9, 2017 · 1 comment
Closed

Substraction should come before the addition #6

pauliax opened this issue Oct 9, 2017 · 1 comment
Assignees
@Qkyrie
Labels
Question / Research

Comments

@pauliax
Copy link
Contributor

pauliax commented Oct 9, 2017

Expected behavior

balances[_from] = balances[_from].sub(_value);
balances[_to] = balances[_to].add(_value);
allowed[_from][msg.sender] = _allowance.sub(_value);

Actual behavior

balances[_to] = balances[_to].add(_value);
balances[_from] = balances[_from].sub(_value);
allowed[_from][msg.sender] = _allowance.sub(_value);

Steps to reproduce the behavior

Reorder these lines as substraction should always come before the addition to make your code more secure against re-entrancy attacks.
Also, please make sure that this correctly done in other functions.
Good example:
https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/StandardToken.sol
@karelstriegel karelstriegel added this to the Beta milestone Oct 9, 2017
@Qkyrie
Copy link
Contributor

Qkyrie commented Nov 17, 2017

Using Minime tokens now, we'll be closing these tickets.

@Qkyrie Qkyrie closed this as completed Nov 17, 2017
@pauliax pauliax mentioned this issue May 16, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Qkyrie Qkyrie

Labels
Question / Research
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Qkyrie @karelstriegel @pauliax