EO(Event-Ordering,事件顺序)bugs

定价两次-同一事件在确认前再次发生

pragma solidity ^0.4.18;

// Teaching example of a transaction-ordering dependence: the price a buyer
// is bound to is whatever sits in storage when buy() executes, not the price
// the buyer saw when the transaction was signed.
contract TransactionOrdering {
    // Current asking price. No visibility keyword, so `internal` by default.
    uint256 price;
    // Account that deployed the contract (assigned in the constructor).
    address owner;
    
    // Pre-0.4.21 event syntax: events are fired without the `emit` keyword.
    event Purchase(address _buyer, uint256 _price);
    event PriceChange(address _owner, uint256 _price);
    
    // Restricts a function to the stored owner; any other caller reverts.
    modifier ownerOnly() {
        require(msg.sender == owner);
        _;
    }

    // Old-style constructor: a function named after the contract.
    // NOTE(review): with this style, renaming the contract without renaming
    // this function turns it into an ordinary public function that resets
    // `owner`; newer compilers use the `constructor` keyword instead.
    function TransactionOrdering() {
        // constructor
        owner = msg.sender;
        price = 100;
    }

    // Logs a purchase at the current stored price and returns that price.
    // No visibility keyword, so public by default in 0.4.x. Not payable and
    // moves no funds in this listing.
    //
    // Ordering hazard: the caller cannot state the price they agreed to. If a
    // setPrice() transaction is ordered ahead of a pending buy(), the buy is
    // recorded at the new price. Mitigation: accept the expected price as an
    // argument and require it to equal `price` before proceeding.
    function buy() returns (uint256) {
        Purchase(msg.sender, price);
        return price;
    }

    // Owner-only: overwrites the stored price and logs the change. Takes
    // effect for every buy() that executes after it, including ones that were
    // submitted earlier but are ordered later.
    function setPrice(uint256 _price) ownerOnly() {
        price = _price;
        PriceChange(owner, price);
    }
}

改价失败-同一事件再次发生前就完成了流程

// Teaching excerpt of an ERC20-style allowance flow with an ordering hazard
// between approve() and transferFrom().
// NOTE(review): `allowed` and `balances` are not declared in this excerpt
// (presumably nested/flat mappings — confirm), and both functions
// `return true` without a `returns (bool)` clause, so the listing does not
// compile as shown.
contract IOU{ 
	// Approves the transfer of tokens 
	// Overwrites the caller's allowance for `_spender` with `_val`, with no
	// regard to the value currently stored.
	//
	// Ordering hazard: when the owner replaces a non-zero allowance with a
	// different one, a transferFrom() ordered before this call can consume
	// the old allowance, after which the new allowance is granted on top.
	// Mitigation: require the allowance to be reset to 0 before a new
	// non-zero value is accepted, or change it with relative
	// increase/decrease operations instead of an absolute overwrite.
	function approve(address _spender, uint256 _val) { 
		allowed[msg.sender][_spender] = _val; 
		return true; 
	} 
// Transfers tokens 
	// Moves `_val` from `_from` to `_to` on behalf of the caller, after
	// checking the caller's allowance, the source balance and `_val > 0`.
	function transferFrom(address _from, address _to, uint256 _val) { 
		require(
			allowed[_from][msg.sender] >= _val
			&& balances[_from] >= _val 
			&& _val > 0); 
		balances[_from] -= _val;
		// Unchecked addition: Solidity before 0.8 does not revert on
		// overflow, and nothing here bounds balances[_to].
		balances[_to] += _val; 
		allowed [_from][msg.sender] -= _val;
		return true; 
	} 
}  

多人支付,总量不足——异步调用的问题:总成交量 = 目前已经完成的成交量 + 已经允许但还没有 callback 的成交量,合约没能区分这两部分,检查余额时忽视了后面这一部分(Improper Check on Ether)。

// Teaching excerpt of an oracle-driven betting contract whose solvency check
// ignores bets that are accepted but not yet resolved.
// NOTE(review): `bets`, `players`, `oraclize_query`, `parseInt` and the
// modifiers `onlyOraclize` / `onlyIfNotProcessed` are defined outside this
// excerpt; `oraclize_query(...)` has its arguments elided in the original.
contract Casino{
    // Accepts a bet, requests a random result from the oracle and records
    // the stake and the player under the returned query id.
    function bet() payable {
        // make sure we can pay out the player 
        // Improper check: this compares the current balance with the payout
        // of THIS bet only. Payouts already promised to earlier bets whose
        // __callback has not arrived yet are not subtracted, so several
        // pending bets can together exceed what the contract holds.
        // Mitigation: keep a running total of outstanding potential payouts
        // and check the balance against that total plus the new one.
        // `throw` is the only statement governed by the `if`; the indented
        // lines below run whenever the check passes.
        if (address(this).balance < msg.value * 100 ) throw; 
            bytes32 oid = oraclize_query(...); // random 
            bets[oid] = msg.value; 
            players[oid] = msg.sender; 
    } 
    // Oracle callback for query `myid`; pays 100x the stake when the parsed
    // result modulo 200 equals 42.
    // NOTE(review): presumably the modifiers restrict the caller to the
    // oracle and reject an id that was already handled — confirm.
    function __callback(bytes32 myid, string result) 
        onlyOraclize onlyIfNotProcessed(myid) { 
        if (parseInt(result) % 200 == 42)
            // The boolean returned by send() is discarded, so a payout that
            // fails (for example because the balance is short) is dropped
            // silently rather than reverted or retried.
            players[myid].send( bets[myid] * 100 ); 
    } 
} 

没有在异步调用时区别身份-异步调用的返回可能是打乱顺序的

// Variant of the Casino excerpt in which the callback no longer ties the
// payout amount to the query id it is answering.
// NOTE(review): `bets`, `players`, `oraclize_query`, `parseInt` and the
// modifiers are defined outside this excerpt; `oraclize_query(...)` has its
// arguments elided in the original.
contract CasinoAltered{
    // Accepts a bet, requests a random result from the oracle and records
    // the stake and the player under the returned query id.
    function bet() payable {
        // make sure we can pay out the player 
        // Same limitation as in Casino: only this bet's payout is compared
        // with the balance; payouts owed to still-pending bets are ignored.
        // `throw` is the only statement governed by the `if`; the indented
        // lines below run whenever the check passes.
        if (address(this).balance < msg.value * 100 ) throw; 
            bytes32 oid = oraclize_query(...); // random 
            bets[oid] = msg.value; 
            players[oid] = msg.sender; 
    } 
    // Oracle callback for query `myid`.
    function __callback(bytes32 myid, string result) 
        onlyOraclize onlyIfNotProcessed(myid) { 
        if (parseInt(result) % 200 == 42)
            // Identity mix-up: the recipient is looked up by `myid`, but the
            // amount is taken from the most recent entry rather than from
            // bets[myid]. Callbacks are asynchronous and may arrive in a
            // different order than the bets were placed, so the winner can
            // be paid on the basis of another player's stake.
            // Mitigation: key every per-request value by the query id.
            // NOTE(review): `bets` is indexed by a bytes32 id in bet(), and
            // Solidity containers expose `.length`, not `.size()` — this
            // line reads as illustrative pseudo-code.
            // The boolean returned by send() is also discarded here.
            players[myid].send( bets[bets.size() -1] * 100 ); 
    } 
} 

 
