Giters

FundRequest / contracts

Contracts for FundRequest (platform, token, crowdsale)

Home Page:https://fundrequest.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Substraction should come before the addition

pauliax opened this issue · comments

commented

Expected behavior

balances[_from] = balances[_from].sub(_value);
balances[_to] = balances[_to].add(_value);
allowed[_from][msg.sender] = _allowance.sub(_value);

Actual behavior

balances[_to] = balances[_to].add(_value);
balances[_from] = balances[_from].sub(_value);
allowed[_from][msg.sender] = _allowance.sub(_value);

Steps to reproduce the behavior

Reorder these lines as substraction should always come before the addition to make your code more secure against re-entrancy attacks.
Also, please make sure that this correctly done in other functions.
Good example:
https://github.com/OpenZeppelin/zeppelin-solidity/blob/master/contracts/token/StandardToken.sol

commented

Using Minime tokens now, we'll be closing these tickets.