Hacker News new | ask | show | jobs
by DennisP 3253 days ago
Transactions on Ethereum are atomic. If something throws, everything rolls back.

There's one well-known exception, which is that if your contract sends ETH to another contract, invoking its fallback function, then a throw in the callee just means the call returns false. So in that particular case you have to check the return value and rethrow to make it atomic; this sounds crazy but in some circumstances you don't actually want to throw. The compiler gives you a warning if you don't check.
1 comments
Animats 3253 days ago
Didn't the DAO hack happen because someone found a way to make an "atomic" transaction fail without full rollback?
link
DennisP 3253 days ago
No, it was a reentrant attack. The contract was doing a state change after sending ETH, and since the recipient called back, it was able to get repeated ETH sends before the state updated.
link
Animats 3253 days ago
That's an atomicity failure. That class of bug, incidentally, is a classic source of trouble in window/widget GUI systems.
link
DennisP 3253 days ago
Hah, I used to run into a lot of those GUI issues, and hadn't made the connection until now.
link
always_good 3253 days ago
It's a logic error. It's actually still atomic.
link
always_good 3252 days ago
To clarify, reentrant errors are not atomicity errors. Fully serializable transactions can have reentrant errors and they often do, but that class of error is a case of the code not doing what you expect rather than an atomic violation.

What I would instead wager is that it's too easy to introduce reentrant errors in Solidity.

I've noticed since the DAO exploit, the ecosystem has been better about this though. For example, Solidity's docs has a section of reentrancy, and even the in-browser editor can warn you about reentrancy in some cases. Seems to be improving, though unfortunately after big expense.

link
DennisP 3252 days ago
Luckily, while it's easy to introduce reentrant errors, it's also easy to avoid them: just make sure that an ETH transfer or another call to an unknown contract is always the last thing you do in a transaction.

It's sometimes easy to miss, but the ecosystem is also a lot better at insisting on public security audits.

link