
To clarify, reentrant errors are not atomicity errors. Fully serializable transactions can have reentrant errors and they often do, but that class of error is a case of the code not doing what you expect rather than an atomic violation.

What I would instead wager is that it's too easy to introduce reentrant errors in Solidity.

I've noticed since the DAO exploit, the ecosystem has been better about this though. For example, Solidity's docs have a section on reentrancy, and even the in-browser editor can warn you about reentrancy in some cases. Seems to be improving, though unfortunately after big expense.




Luckily, while it's easy to introduce reentrant errors, it's also easy to avoid them: just make sure that an ETH transfer or another call to an unknown contract is always the last thing you do in a transaction.

It's sometimes easy to miss, but the ecosystem is also a lot better at insisting on public security audits.



