August 2019
Intermediate to advanced
486 pages
13h 52m
English
To prevent a reentrancy attack, the state of the variables should be updated first, and then ether should be sent to a user's account as follows:
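// Good Practice
function withdraw() public {
    // Read the amount owed to the caller
    uint amount = balances[msg.sender];
    // Update state first: zero the balance before any ether leaves the contract
    balances[msg.sender] = 0;
    // Transfer ether as the last step
    msg.sender.transfer(amount);
}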
In the preceding code, we first set the balance of the user's account to 0 (zero), and only then send the ether to the user.
Remember to always update the relevant state variables first and transfer ether only as the last step.
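The ordering rule above, modeled in Python as an added example (not code from the book, and not Solidity). The `Vault` class, the `simulate` helper, the account names and the deposit amounts are all constructed for illustration; the callback stands in for recipient code that runs while the transfer is in progress.

```python
class Vault:
    """Toy model of a contract: a balances ledger plus the ether it holds."""

    def __init__(self, update_state_first):
        self.update_state_first = update_state_first
        self.balances = {}   # what the ledger says each user is owed
        self.paid = {}       # what each user has actually received
        self.pool = 0        # ether held by the contract

    def deposit(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) + amount
        self.pool += amount

    def _transfer(self, user, amount, on_receive):
        if amount > self.pool:
            raise RuntimeError("insufficient contract balance")
        self.pool -= amount
        self.paid[user] = self.paid.get(user, 0) + amount
        if on_receive:
            on_receive()     # recipient code runs before withdraw() returns

    def withdraw(self, user, on_receive=None):
        amount = self.balances.get(user, 0)
        if self.update_state_first:
            self.balances[user] = 0                    # state update
            self._transfer(user, amount, on_receive)   # transfer last
        else:
            self._transfer(user, amount, on_receive)   # transfer first
            self.balances[user] = 0                    # too late
        return amount


def simulate(update_state_first, reentries=1):
    """Return (paid to alice, ether left in pool, total still owed by ledger)."""
    vault = Vault(update_state_first)
    vault.deposit("alice", 10)   # constructed sample deposits
    vault.deposit("bob", 10)
    remaining = [reentries]

    def reenter():
        # Recipient calls withdraw() again while the first call is unfinished.
        if remaining[0] > 0:
            remaining[0] -= 1
            vault.withdraw("alice", reenter)

    vault.withdraw("alice", reenter)
    return vault.paid["alice"], vault.pool, sum(vault.balances.values())
```

With the transfer first, `simulate(False)` leaves the pool at 0 while the ledger still owes 10; with the state update first, `simulate(True)` keeps the pool equal to what the ledger owes, which is the invariant to check when reviewing a withdrawal function.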