0x1
  • About
  • Mobile Security
    • Android Security
    • Android Security Findings
    • IOS App Sec Pentest
    • IOS App Sec Best Practices
    • Tools
  • Web App Security
    • Q&A
    • Tools
  • Security Reports
    • Web Apps
    • Mobile Apps
  • Library
    • Links
    • Soft-Link
  • SmartContract
    • Tools
    • Saving gas
    • Security Research
    • Smart Contract Audit
    • Other findings
    • Writing a safe smart contract
  • NEO Smart Contract
    • DoS Vulnerability
    • NEP-5 Tokens
  • Buffer Overflow
    • BOF-01 (Basic)
    • BOF-02 (Basic)
    • BOF-03 (Basic)
Powered by GitBook
On this page

Was this helpful?

  1. SmartContract

Writing a safe smart contract

Avoid Race-Condition

Always either update the state or throw

contract C {
  bool bought;
  ...
  function buy(string name) {
    if (bought) throw;
    bought = true;
    ...
  }
}

use the state-machine pattern with modifiers

even if only one user: UI buttons are easily clicked twice

PreviousOther findingsNextDoS Vulnerability

Last updated 5 years ago

Was this helpful?