exchangeLight.sol - anyone can call getEther()

CORIONplatform / solidity

GNU General Public License v3.0

12 stars 9 forks source link

exchangeLight.sol - anyone can call getEther() #158

Closed gundas closed 7 years ago

gundas commented 7 years ago

While it is not a security risk since getEther() transfers the Ethers to the Foundation, it could be used as an annoying "denial-of-service" attack - the receiveToken(...) method will fail if the exchangeLigh.sol contract's balance is 0.

iFA88 commented 7 years ago

annoying "denial-of-service"

This costs gas, like when I send to your address 12k transaction without any ether. I dont' think that have any point.. only feed the miners :)

ethod will fail if the exchangeLigh.sol contract's balance is 0.

Yes, this is correct. We need cover the exchange, so we need send ether to the contract if we want to buy tokens.

gundas commented 7 years ago

For 1 USD I could call getEther() function more than 100 times. Imagine someone angry decides to burn 1 ETC for that :)

iFA88 commented 7 years ago

with 1000 USD you can call 100k times, makes no sense :) Better is when you give that for a foundation :D