|
|
|
|
|
|
by masklinn
3250 days ago
|
|
|
Even that's only scratching the surface of how awful Solidity is. An example of minor security detail straight from the documentation is this: for(var i=0; i<arr.length; ++i) {
Solidity is a "statically typed language" with "type inference". In most of these, you'd expect i to be typed as whatever the type of arr.length is, but Solidity does not care, it sees `var i = 0`, 0 fits into a uint8 so a uint8 i is, it'll get promoted during the comparison and if arr has more than 255 elements it'll overflow and the loop is infinite. |
|
|