Skip to content
This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Commit

Permalink
📝 format
Browse files Browse the repository at this point in the history
  • Loading branch information
omarespejel committed Nov 22, 2023
1 parent 9b9b26b commit 4633176
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
10 changes: 6 additions & 4 deletions src/ch02-14-security-considerations.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ fn on_receive_sword(ref self: ContractState) {
}
}
```

Reentrancy protections are critical in many ERC standards with `safeTransfer` functions (like ERC721, ERC777, ERC1155, ERC223) and in flash loans, where borrower contracts need to safely use and return funds.

### Recommendation:
Expand Down Expand Up @@ -285,8 +286,8 @@ When these functions encounter overflows or underflows, the transaction will rev

Failure reasons for `u256`:

* Overflow: `0x753235365f616464204f766572666c6f77=u256_add Overflow`
* Underflow: `0x753235365f737562204f766572666c6f77=u256_sub Overflow`
- Overflow: `0x753235365f616464204f766572666c6f77=u256_add Overflow`
- Underflow: `0x753235365f737562204f766572666c6f77=u256_sub Overflow`

Similarly, the `u128` data type can be used to handle overflow and underflow:

Expand All @@ -308,8 +309,9 @@ Overflow or underflow in u128 will similarly revert the transaction, with corres
<img alt="u128" src="img/ch02-sec_under_u128.png" class="center" style="width: 75%;" />

Failure reasons for u128:
- Overflow: `0x753132385f616464204f766572666c6f77=u128_add Overflow`
- Underflow: `0x753132385f737562204f766572666c6f77=u128_sub Overflow`

- Overflow: `0x753132385f616464204f766572666c6f77=u128_add Overflow`
- Underflow: `0x753132385f737562204f766572666c6f77=u128_sub Overflow`

Using these data types, you can ensure safer arithmetic operations in your smart contracts, avoiding unintended consequences of overflows and underflows.

Expand Down
2 changes: 0 additions & 2 deletions src/ch02-15-security-tools.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,5 @@ This section covers:
Below is an overview of the tools for Starknet security testing discussed in this chapter:

1. **Cairo-fuzzer**: A tool for smart contract developers to test security. It functions both as a standalone tool and as a library.

2. **Caracal**: A static analysis tool for Starknet smart contracts, utilizing the SIERRA representation.

3. **Thoth**: A comprehensive Cairo/Starknet security toolkit. It includes analyzers, disassemblers, and decompilers.

0 comments on commit 4633176

Please sign in to comment.