Is this code safe?
——————————————-
function bid() public payable {
    require(msg.value > lastPrice);

    address payable previousOwner = payable(currentOwner);
    previousOwner.send(msg.value);

    currentOwner = msg.sender;
    lastPrice = msg.value;
}
——————————————-
I don't want to use a separate withdrawal function, to save gas. But I also don't want to use transfer because the current owner could be a malicious contract that always fails when eth is sent to it, making it impossible for anyone to outbid him. Am I right that with this implementation, if currentOwner is a malicious contract that will fail on eth send, the function would still execute regardless of send failing?

Sep 6, 2021, 12:26 PM
Is msg.value safe or can it be spoofed by the calling contract? Like if someone sends 10 eth to their own contract (msg.value = 10 eth) and that contract calls my contract payable function, will my contract see msg.value as 10 eth?
Sep 6, 2021, 1:11 PM
Yes, cannot be spoofed in the way you're suggesting.
Sep 6, 2021, 1:12 PM
If A calls a payable function of B with 10 eth and those eth are forwarded to a payable function of your contract, yes, it will see the 10 eth.
Sep 6, 2021, 1:13 PM
great
Sep 6, 2021, 1:13 PM
Usually on presale you just need to exclude a bunch of addresses from restrictions and that's all
Sep 6, 2021, 1:15 PM
Then after finalizing the sale you turn taxes and fees on again
Whitelist the dxsale router*
Sep 6, 2021, 1:18 PM
Host your images on ipfs not on your server
Sep 6, 2021, 2:07 PM
yeah, if you host it on your own server it will expose it to all sorts of nasty stuff
Sep 6, 2021, 2:08 PM
