Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Securence of ERC20 transferFrom
See original GitHub issuePlease explain, what prevents such kind of attack ?
Imagine Alice calls approve(Contract.address, amount) to invoke Contract’ method() which withdraws from her address.
Then imagine Bob has accidentally found it out, and he wants to prevent Alice invokes method().
So he waits until Alice’ approve transaction is mined, then calls transferFrom(Alice.address, Contract.address, amount) and pushes it faster then Alice pushes method(). In the end, Contract receives money, but method cannot be invoked because allowance now is zero. And so money is lost for Alice.
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@roleengineer I have asked the same question yesterday, I think someone made a mistake in a pr, at least at the original version, it will check
at first.
By the way, For support questions (rather than Feature Requests or Bug Reports), as @abcoathup 's suggestion that you can ask in the : OpenZeppelin Community Forum that way the entire community can help answer your question.