How to avoid fallback function injection

rubyu2 · posted · last reply by lgn21st · 478 views

contract DeliveryBoy{
    /*
     * Delivery boy is very important, but not so clever
     */
    function deliver(address recipient){
        selfdestruct(recipient);
    }
}

contract MailMan{

    /*
     * The MailMan delivers
     * No-fuzz delivery of ether to the recipient. 
     * Mailman tolerates no code-execution or funny stuff on cash delivery
     * Nobody owns the mailman (no 'owner')
     * Mailman remembers nothing (no storage slots)
     *
     * You wanna use mailman for payment?
     * Go ahead, but its'a gonna cost'ya some extra gas, capisce...
     */
     function payRecipient(address recipient)
     {
        DeliveryBoy d = new DeliveryBoy();
        d.deliver.value(msg.value)(recipient);
     }
}

Original: https://gist.github.com/holiman/f66bae83540728c209e521c42bd06362

  • lgn21st

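    Compared with using send directly, this approach consumes roughly 3 times as much gas.
    Although send does not solve the underlying problem, its default gas consumption of 21000 WEI guards against possible loop attacks; while not the best strategy, it can be regarded as a last line of defense.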
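
The two payment paths discussed in this thread, side by side, as an added example that is not part of the original posts or the linked gist. It assumes Solidity 0.8 syntax, and the names RejectingRecipient, Courier and PaymentComparison are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed recipient: its receive function rejects every plain payment.
contract RejectingRecipient {
    receive() external payable {
        revert("payment refused");
    }
}

// Same role as DeliveryBoy above, written in 0.8 syntax.
contract Courier {
    function deliver(address payable recipient) external payable {
        // selfdestruct credits the balance to recipient without
        // executing any of the recipient's code.
        selfdestruct(recipient);
    }
}

contract PaymentComparison {
    // Path 1: send. The recipient's receive/fallback code runs, limited
    // to the 2300 gas stipend. send returns false instead of reverting,
    // so the result must be checked explicitly.
    function payWithSend(address payable recipient) external payable {
        bool ok = recipient.send(msg.value);
        // With RejectingRecipient, ok is false and the whole call reverts:
        // the recipient's code decides whether the payer can proceed.
        require(ok, "recipient rejected payment");
    }

    // Path 2: MailMan-style delivery. A fresh Courier is deployed per
    // payment (the extra gas cost noted in the reply) and destroyed in
    // the same transaction. No recipient code runs, so the payment
    // cannot be refused or used to re-enter the payer.
    function payWithCourier(address payable recipient) external payable {
        Courier c = new Courier();
        c.deliver{value: msg.value}(recipient);
    }
}
```

Calling payWithSend with a RejectingRecipient address reverts, while payWithCourier with the same address succeeds and increases that contract's balance.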