Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 10 2017 22:42
    @jpitts banned @etherchamp1_twitter
  • Jun 05 2016 10:33
    @chriseth banned @adamskee
Martin Holst Swende
@holiman
Checked, would return 0x00 if payment is missing
So only one byte would be overwritten
Sorry, didn't see your fakerelay
ethers
@ethers
@tjad273 still catching up on this chat but https://gitter.im/ethereum/solidity?at=57685128a82a6b0079a77f13 you must mean "relay = addr"
Martin Holst Swende
@holiman
Nice catch!
Tjaden Hess
@tjade273
Ah, yeah
@ethers Thanks, that fixed it!
It's always the little things that get you.....
I guess all this messing around with assembly was for nothing
ethers
@ethers
@tjade273 great it works :)
drandreaskrueger
@drandreaskrueger
void4
@void4

Assuming I have the following function:

function() {
msg.sender.send(msg.value);
throw;
}

and I call it. Is the send reverted as well?

All docs say so, but I have found code that uses it.
Tjaden Hess
@tjade273
Yes, the send is reverted too
void4
@void4
strange.
Tjaden Hess
@tjade273
Yeah, the send is unnecessary, the throw will return the funds anyway.
Actually getting rid of the throw would be better, because it uses up all of the gas
chriseth
@chriseth
yes, throw is more expensive but MUCH safer
send can always fail, throw never fails to revert state
void4
@void4
Thanks @tjade273 @chriseth
The same is true when a call runs out of gas, correct?
chriseth
@chriseth
yes
Tjaden Hess
@tjade273
I can't seem to get calls in inline assembly to work
chriseth
@chriseth
@tjade273 not sure if that is the reason, but you do not handle the return value of call (i.e. the one item that is pushed onto the stack)
Tjaden Hess
@tjade273
It just returns a boolean success,right?
Yup, that fixed it, thanks a ton
bakiguher
@bakiguher
Slockit released the Ethereum Computer.. with the ETHOS seems cool check this out: http://ether-computer.com/
Micah Zoltu
@MicahZoltu
Scam ^
Suhail Shergill
@suhailshergill

so now that this recursive call exploit has been doing the rounds, perhaps someone can comment on one of my questions from earlier in the year (February 4 2016, 23:15):

in conversation with vitalik yesterday, he pointed me to some PL/type-theory/correctness proof related work that solidity is either currently doing and/or planning on doing. could someone provide me concrete pointers?

at least as per https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/ such topics are now being encouraged and aided by a few grants

Suhail Shergill
@suhailshergill
(solidity / EVM question): so anytime I send ETH to another contract, their default function gets invoked and I could be asking for the recursive call exploit?
Micah Zoltu
@MicahZoltu
Not exactly.
If you are just manually sending ether you are fine.
Roman Plášil
@Quiark
oh I mean from a smart contract
Micah Zoltu
@MicahZoltu
It is a problem when you have a contract that sends then deducts some internal balance.
If you deduct first you are safe.
Or if you don't have any internal bookkeeping.
Roman Plášil
@Quiark
but the point is that each send from a contract invokes the default function on receiving contract
Micah Zoltu
@MicahZoltu
Yeah.
Roman Plášil
@Quiark
so yeah, in retrospect, that's a bad design
Micah Zoltu
@MicahZoltu
Anytime you can an external contract you need to assume that before that returns anything can happen, including the same method called again.
Eh, I don't think it as a bad design really.
The developer is calling untrusted code, it is on them to be defensive.
Roman Plášil
@Quiark
but the developer is not calling untrusted code. He wants to send coins.
Micah Zoltu
@MicahZoltu
The alternative is disallowing a whole class of smart wallets.
Roman Plášil
@Quiark
and it unexpectedly calls code
Micah Zoltu
@MicahZoltu
I do agree that the UX could be improved in solidity.
Roman Plášil
@Quiark
but it can't be done in Solidity - it's a EVM problem: anytime you send coins, oops, default function also gets invoked