Closed sihoang closed 5 years ago
The order of `.transfer` matters the most. If the user's address is a smart contract, the `transfer` method will trigger their default payable method, which could do malicious things like calling our `claim` method again.

Adding the nonreentrant modifier is for being super conservative in the event of a protocol bug like Constantinople: https://blog.ethereum.org/2019/01/15/security-alert-ethereum-constantinople-postponement/
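
The ordering point from the description above, as an added example that is not the project's own code: the contract `RewardVault`, its `owed` mapping and the function names are hypothetical, and the guard is a minimal stand-in for a nonreentrant modifier.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: hypothetical contract, not the project's code.
contract RewardVault {
    mapping(address => uint256) public owed; // hypothetical per-user balance
    bool private locked;                     // reentrancy guard flag

    // Minimal guard with the same intent as a nonreentrant modifier:
    // a nested call into a guarded function reverts.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit(address user) external payable {
        owed[user] += msg.value;
    }

    // Unsafe ordering: the external call runs while owed[msg.sender] is
    // still non-zero, so a re-entered call would pass the check again.
    function claimUnsafe() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing to claim");
        payable(msg.sender).transfer(amount); // interaction first
        owed[msg.sender] = 0;                 // effect applied too late
    }

    // Safe ordering (checks, effects, interactions) plus the guard.
    function claim() external nonReentrant {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing to claim");
        owed[msg.sender] = 0;                 // effect before the call
        payable(msg.sender).transfer(amount); // interaction last
    }
}
```

With the balance zeroed before the transfer, a callback into `claim` fails the `amount > 0` check even without the guard; the guard covers the case where a later change reintroduces a call before a state update.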