Update security rules to follow new best practices for transferring value

duaraghav8 / Ethlint

(Formerly Solium) Code quality & Security Linter for Solidity

https://ethlint.readthedocs.io/en/latest/

MIT License

926 stars 128 forks source link

Update security rules to follow new best practices for transferring value #275

Open vince0656 opened 4 years ago

vince0656 commented 4 years ago

Name Not thought of a name

Problem Based on https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/ we are now using .call.value() to send value. However, this means that Solium is throwing the following: 72:37 error Consider using 'transfer' in place of 'call.value()'. security/no-call-value

Description We are suppressing this warning for now but would be great if we could fix

Priority Med/Low

vince0656 commented 4 years ago

@jamesmorgan

duaraghav8 commented 4 years ago

Hi @vince0656 I just noticed this issue, I'm not seeing a lot of notifs on my github, its been messed up for a while. Sorry for responding so late.

To be clear, does Ethereum and/or Consensys encourage the use of call.value()? If yes, is there any authoritative document on this? Or is this diligence document the most authoritative in your opinion?

jamesmorgan commented 4 years ago

@duaraghav8 I think its in the doc @vince0656 linked above https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/