This document summarizes common vulnerabilities in smart contracts and best practices to avoid them. It discusses issues like reentrancy vulnerabilities, cross-contract call vulnerabilities, timestamp dependence, integer overflow, fund reversal, gas griefing and more. It provides examples of vulnerable code and explains how to fix them. The document recommends practices like separating trusted vs untrusted calls, following the checks-effects-interactions pattern for state changes, properly handling errors from send(), call.value() and external calls, and considering that all blockchain data is public.
16. External Calls

Mark untrusted contracts: name variables, functions and contract interfaces so that a reader can tell at a glance which external calls reach code you do not control. Every untrusted call is a potential reentrancy point and may fail or consume all gas, so it must be visible as such at the call site.

// bad
Bank.withdraw(100); // Unclear whether trusted or untrusted

function makeWithdrawal(uint amount) { // Isn't clear that this function is potentially unsafe
    Bank.withdraw(amount);
}

// good
UntrustedBank.withdraw(100); // untrusted external call
TrustedBank.withdraw(100); // external but trusted bank contract maintained by XYZ Corp

function makeUntrustedWithdrawal(uint amount) {
    UntrustedBank.withdraw(amount);
}