EO bugs(Event-Ordering,事件顺序相关漏洞)
定价两次-同一事件在确认前再次发生
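pragma solidity ^0.4.18;

/// @title TransactionOrdering
/// @notice Teaching example of a transaction-ordering dependence. It is kept
///         vulnerable on purpose so that it still illustrates the note above.
/// @dev The original listing was collapsed onto one line, so the `//` comment
///      swallowed all code after it. The layout is restored here and the
///      implicit `public` visibility is spelled out. Logic is unchanged.
contract TransactionOrdering {
    // Current asking price, read by buy() and written by setPrice().
    uint256 price;
    // Account that deployed the contract; the only one allowed to reprice.
    address owner;

    event Purchase(address _buyer, uint256 _price);
    event PriceChange(address _owner, uint256 _price);

    // Reverts unless the caller is the owner.
    modifier ownerOnly() {
        require(msg.sender == owner);
        _;
    }

    /// @notice Constructor: records the deployer as owner and sets the initial price.
    /// @dev Old-style constructor (function named after the contract). If the
    ///      contract is renamed and this function is not, it becomes an
    ///      ordinary public function that anyone can call to take ownership.
    function TransactionOrdering() public {
        owner = msg.sender;
        price = 100;
    }

    /// @notice Logs a purchase at whatever `price` is when the call executes.
    /// @return The price that was applied.
    /// @dev ORDER-DEPENDENT: the buyer chooses to buy after observing one
    ///      price, but `price` is read at execution time. If a setPrice()
    ///      transaction is ordered ahead of a pending buy(), the purchase
    ///      settles at a price the buyer never saw.
    ///      Mitigation: have the caller pass the price it expects and
    ///      `require` it to equal `price`, so a reordered price change makes
    ///      the purchase revert instead of silently changing its terms.
    function buy() public returns (uint256) {
        Purchase(msg.sender, price);
        return price;
    }

    /// @notice Changes the asking price. Owner only.
    /// @param _price New price, applied to every buy() executed after this call.
    /// @dev Takes effect immediately, including for buy() calls that were
    ///      submitted earlier but are mined later. See the note on buy().
    function setPrice(uint256 _price) public ownerOnly() {
        price = _price;
        PriceChange(owner, price);
    }
}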
改价失败-同一事件再次发生前就完成了流程
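/// @title IOU
/// @notice Teaching example of the allowance race between approve() and
///         transferFrom(). It is kept order-dependent on purpose so that it
///         still illustrates the note above.
/// @dev Changes from the original one-line listing: layout restored (the `//`
///      comments swallowed the code after them), `returns (bool)` added
///      because both functions `return true`, visibility made explicit, and an
///      overflow guard added on the recipient balance.
contract IOU {
    // Not shown in the original excerpt; types inferred from how the two
    // tables are indexed and compared below.
    mapping(address => uint256) balances;
    mapping(address => mapping(address => uint256)) allowed;

    /// @notice Sets the amount `_spender` may move out of the caller's balance.
    /// @param _spender Account being authorised.
    /// @param _val New allowance. It replaces the previous value, it is not added to it.
    /// @return Always true.
    /// @dev ORDER-DEPENDENT: the allowance is overwritten unconditionally. If
    ///      the owner lowers or changes a non-zero allowance and the spender's
    ///      transferFrom() is ordered before this call, the old allowance is
    ///      spent first and the new one is then available on top of it.
    ///      Mitigations: only allow changes to or from zero and confirm the
    ///      intermediate state, offer relative increase/decrease functions, or
    ///      take the expected current allowance as an argument and `require`
    ///      that it matches.
    function approve(address _spender, uint256 _val) public returns (bool) {
        allowed[msg.sender][_spender] = _val;
        return true;
    }

    /// @notice Moves `_val` tokens from `_from` to `_to` using the caller's allowance.
    /// @param _from Account whose balance and allowance are debited.
    /// @param _to Recipient.
    /// @param _val Amount to move. Must be non-zero.
    /// @return Always true. Failed preconditions revert.
    function transferFrom(address _from, address _to, uint256 _val) public returns (bool) {
        require(
            allowed[_from][msg.sender] >= _val &&
            balances[_from] >= _val &&
            _val > 0 &&
            // 0.4.x arithmetic wraps silently, so reject a credit that would overflow.
            balances[_to] + _val >= balances[_to]
        );
        balances[_from] -= _val;
        balances[_to] += _val;
        allowed[_from][msg.sender] -= _val;
        return true;
    }
}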
多人支付,总量不足-异步调用的问题,没能区别总成交量=目前已经完成的成交量+已经允许,但还没有callback的成交量,忽视了后面这一部分(Improper Check on Ether)
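/// @title Casino
/// @notice Teaching example of an improper solvency check combined with an
///         asynchronous oracle callback. It is kept vulnerable on purpose so
///         that it still illustrates the note above.
/// @dev Excerpt only: `bets`, `players`, `oraclize_query`, `parseInt`,
///      `onlyOraclize` and `onlyIfNotProcessed` are defined outside it, and
///      `oraclize_query(...)` is a placeholder from the original listing.
///      The original was collapsed onto one line, so its `//` comments
///      swallowed the code after them. The layout is restored here and
///      visibility is explicit. Logic is unchanged.
contract Casino {
    /// @notice Accepts a bet and requests a random number from the oracle.
    /// @dev IMPROPER CHECK: the guard compares the current balance with the
    ///      payout of this one bet only. Bets that were accepted earlier and
    ///      are still waiting for __callback() are not counted, so several
    ///      bets can pass the check against the same funds. The balance may
    ///      then be too small when the callbacks arrive. In a payable function
    ///      `address(this).balance` already includes `msg.value`.
    ///      Mitigation: keep a running total of outstanding potential payouts,
    ///      require `balance >= outstanding + msg.value * 100` here, and
    ///      release the reservation in __callback().
    function bet() public payable {
        // Make sure we can pay out the player (see the caveat above).
        if (address(this).balance < msg.value * 100) throw;
        bytes32 oid = oraclize_query(...); // random
        bets[oid] = msg.value;
        players[oid] = msg.sender;
    }

    /// @notice Oracle callback: pays 100x the stake when the draw hits.
    /// @param myid Query id returned by oraclize_query() in bet().
    /// @param result Random value as a decimal string.
    /// @dev send() returns false on failure and its result is ignored here,
    ///      so a payout the contract cannot cover fails silently. Check the
    ///      return value, or record the amount owed for later withdrawal.
    function __callback(bytes32 myid, string result)
        public
        onlyOraclize
        onlyIfNotProcessed(myid)
    {
        if (parseInt(result) % 200 == 42)
            players[myid].send(bets[myid] * 100);
    }
}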
没有在异步调用时区别身份-异步调用的返回可能是打乱顺序的
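/// @title CasinoAltered
/// @notice Variant of Casino whose callback does not tie the payout amount to
///         the query being answered. It is kept vulnerable on purpose so that
///         it still illustrates the note above.
/// @dev Excerpt only: `bets`, `players`, `oraclize_query`, `parseInt`,
///      `onlyOraclize` and `onlyIfNotProcessed` are defined outside it, and
///      `oraclize_query(...)` is a placeholder from the original listing.
///      The original was collapsed onto one line, so its `//` comments
///      swallowed the code after them. The layout is restored here and
///      visibility is explicit. Logic is unchanged.
contract CasinoAltered {
    /// @notice Accepts a bet and requests a random number from the oracle.
    /// @dev The guard checks the balance against this bet's payout only. It
    ///      does not account for earlier bets that still await their callbacks.
    function bet() public payable {
        // Make sure we can pay out the player (pending bets are not counted).
        if (address(this).balance < msg.value * 100) throw;
        bytes32 oid = oraclize_query(...); // random
        bets[oid] = msg.value;
        players[oid] = msg.sender;
    }

    /// @notice Oracle callback: pays the player recorded for `myid` when the draw hits.
    /// @param myid Query id returned by oraclize_query() in bet().
    /// @param result Random value as a decimal string.
    /// @dev IDENTITY MIX-UP: the recipient is looked up by `myid`, but the
    ///      amount comes from `bets[bets.size() - 1]`, the most recently
    ///      placed bet. Callbacks are not guaranteed to arrive in the order
    ///      the queries were made, and other players may bet in between, so
    ///      the amount paid can belong to a different bet.
    ///      Mitigation: key every per-request value by the query id and use
    ///      `bets[myid]`.
    ///      `bets.size()` is pseudo-code from the original: it is written to
    ///      in bet() with a bytes32 key but indexed by position here.
    ///      The send() result is also ignored, so a failed payout is silent.
    function __callback(bytes32 myid, string result)
        public
        onlyOraclize
        onlyIfNotProcessed(myid)
    {
        if (parseInt(result) % 200 == 42)
            players[myid].send(bets[bets.size() - 1] * 100);
    }
}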