DerScanner
Home / Vulnerability Database / Solidity : DoS with unexpected revert or failed call
Solidity

Solidity : DoS with unexpected revert or failed call

Classification

CWE
CWE-703

Overview

External calls may fail to work accidentally or deliberately, which can cause a DoS state in the contract and enable an attacker to disrupt the logic of the contract, for example to unfairly win the auction.

To minimize the damage caused by such failures, it is better to isolate each external call into its own transaction that can be initiated by the recipient of the call. This is especially relevant for payments, where it is better to let users withdraw funds rather than push funds to them automatically.

References

  1. SWC-113: DoS with Failed Call
  2. CWE-703: Improper Check or Handling of Exceptional Conditions
  3. ConsenSys Smart Contract Best Practices
MEDIUM

DerScanner Severity Score

Do you want to fix Solidity : DoS with unexpected revert or failed call in your application?

See also

Solidity

Solidity : Return value of transfer, transferFrom, or approve function of ERC-20 standard is always false.

Solidity

Solidity : Using approve function of the ERC-20 token standard

Solidity

Solidity : ERC-20 transfer should throw