This repository has been archived by the owner on May 1, 2019. It is now read-only.

Commit

Mitigate the race condition in the ERC20 protocol regarding approve/t…
Sven Obser committed Jun 22, 2017
1 parent ca55b86 commit 3f0f959
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions contracts/StandardToken.sol
Expand Up @@ -60,6 +60,12 @@ contract StandardToken is Token {
onlyPayloadSize(2)
returns (bool success)
{
// WARNING! When changing the approval amount, first set it back to zero AND
// wait until the transaction is mined. Only afterwards set the new amount.
// Otherwise you may be prone to a race condition attack.
// See: https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
require(_value != 0 || allowed[msg.sender][_spender] == 0);

allowed[msg.sender][_spender] = _value;
Approval(msg.sender, _spender, _value);
return true;
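
Review bot: The condition in the added require is inverted relative to the warning comment directly above it. As written, `_value != 0 || allowed[msg.sender][_spender] == 0` passes for every nonzero `_value` regardless of the current allowance, so a nonzero-to-nonzero change (the racy case the comment warns about) still succeeds. Meanwhile a call with `_value == 0` reverts whenever the current allowance is nonzero, which blocks the reset-to-zero step the comment tells callers to perform first. Suggest `require(_value == 0 || allowed[msg.sender][_spender] == 0);` so that a change is accepted only when the new value or the existing allowance is zero. Tests covering zero to nonzero, nonzero to zero, and nonzero to nonzero (expected to revert) would catch this.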