This is the kind of exploit the DAO attack was based on. This is an example of what you should not do.
You need nodejs and npm. I have truffle and testrpc installed globaly. You need them to run this. Global or locally - it's your choice
- ethereumjs-testrpc (@4.1.3)
- truffle (@3.4.9)
Simply let testrpc
run and do a truffle test
https://blog.zeppelin.solutions/onward-with-ethereum-smart-contract-security-97a827e47702 https://blog.zeppelin.solutions/the-hitchhikers-guide-to-smart-contracts-in-ethereum-848f08001f05 https://github.com/ConsenSys/smart-contract-best-practices http://hackingdistributed.com/2016/07/13/reentrancy-woes/ PeterBorah/smart-contract-security-examples#3